haiwen
manual/deploy_pro/setup_with_amazon_s3.md does not list required permissions
This page should describe the required S3 actions, so that we can write an appropriate IAM or Bucket policy instead of having to guess, or grant more permissions than is required for the application to function.
For example, it's obvious that PutObject would be required - but what about other actions like listBucket or ListMultiRegionAccessPoints?
I think it is better to grant a general write permission to Seafile.
I hope the rest of this software isn't written with that sort of frame of mind. That's a very dangerous idea when talking about something intended to be exposed to the internet. Should someone compromize the installation it'll be trivial for them to locate the IAM credentials used for S3 access, so the access granted by those credentials should be as minimal as possible.
For example, said attacker could enable website hosting out of the bucket, change the bucket policy, and use it to serve out a phishing website from inside my S3 bucket.