Bucket (and file?) policies
At least I currently don't have permission to modify bucket ACLs, so can't test and make sure that aws_bucket_acl_modify works.
Perhaps with the new test AWS account I'll be able to test this.
My super hot take about this is that we should totally avoid bucket ACLs, which I believe is possible. I think they're a legacy feature that has been replaced by Policies.
I like that take. Makes sense, I can see there's a number of AWS docs pages that say ACLs are deprecated.
I googled around a bit and don't see it: What's the process for managing permissions for buckets then? We can do policies stuff for users, groups, roles, but not sure how it's done for buckets.
removed the 2 bucket acl fxns
I think this is where we should get really opinionated. It appears there are both IAM Policies that can govern bucket access, and Bucket Policies that apply to individual buckets: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html. I think we should abstract these details away from end users, and enable the following functionality:
- A function to make a bucket publicly open on the internet for anyone to read from.
- Some functionality where you can get a public file's public URL.
- A function to allow a specific user/group/role to read from a bucket.
- A function to allow a specific user/group/role to read and write from a bucket.
It would be cool if for these use cases the end user didn't have to worry about policies, and sixtyfour could create, find, and assign the appropriate policies.
Sorry for the delay. Okay, so maybe the functions would look like:
- aws_bucket_as_public()
- aws_file_url(type = "private") or aws_file_url(type = "public")
- aws_group(name="users") %>% aws_bucket_allow_read()
- aws_group(name="users") %>% aws_bucket_allow_read_write()
Thoughts?
@seankross #21 may be the same as
> Some functionality where you can get a public file's public URL
at least related
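An added example, not part of the thread or of sixtyfour's code: the policy documents that the proposed read and read/write functions would have to generate. IAM groups cannot be named as a `Principal` in a bucket policy, so the group case is built as an identity-based policy to attach to the group, while users and roles get a bucket policy. All function names, the bucket name and the ARN are hypothetical or constructed, and `jsonlite` is assumed to be installed.

```r
library(jsonlite)

# Hypothetical helpers for illustration; not sixtyfour functions.
s3_actions <- function(access = c("read", "read_write")) {
  access <- match.arg(access)
  obj <- "s3:GetObject"
  if (access == "read_write") obj <- c(obj, "s3:PutObject", "s3:DeleteObject")
  list(bucket = "s3:ListBucket", object = obj)
}

# ListBucket applies to the bucket ARN, object actions to the objects under it.
s3_statements <- function(bucket, access, principal = NULL) {
  acts <- s3_actions(access)
  arn <- paste0("arn:aws:s3:::", bucket)
  stmts <- list(
    list(Effect = "Allow", Action = acts$bucket, Resource = arn),
    list(Effect = "Allow", Action = acts$object, Resource = paste0(arn, "/*"))
  )
  if (!is.null(principal)) {
    stmts <- lapply(stmts, function(s) c(s, list(Principal = list(AWS = principal))))
  }
  stmts
}

# Resource-based policy: attached to the bucket, names a user or role ARN.
bucket_policy <- function(bucket, principal_arn, access = "read") {
  if (identical(principal_arn, "*")) {
    stop("wildcard principal makes the bucket public; use a dedicated function")
  }
  if (grepl(":group/", principal_arn, fixed = TRUE)) {
    stop("IAM groups cannot be bucket policy principals; use group_policy()")
  }
  list(Version = "2012-10-17",
       Statement = s3_statements(bucket, access, principal_arn))
}

# Identity-based policy: attached to the group, so it has no Principal element.
group_policy <- function(bucket, access = "read") {
  list(Version = "2012-10-17", Statement = s3_statements(bucket, access))
}

# Constructed sample values
role_arn <- "arn:aws:iam::111122223333:role/analyst"
writeLines(toJSON(bucket_policy("example-bucket", role_arn, "read"),
                  auto_unbox = TRUE, pretty = TRUE))
writeLines(toJSON(group_policy("example-bucket", "read_write"),
                  auto_unbox = TRUE, pretty = TRUE))
```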