Post AYUt73ZdS4QJu1dbWK by josephscott@mastodon.social
(DIR) Post #AYUmIr68xjVn0QWRPc by simon@fedi.simonwillison.net
2023-08-07T18:14:35Z
0 likes, 0 repeats
Just spent 20 frustrating minutes figuring out how to set up a new S3 bucket that could be used to publicly serve static files, despite having devoted an unreasonable amount of time in the past to solving that exact same problem when I built https://s3-credentials.readthedocs.io/
Why is this so hard!?
(DIR) Post #AYUmZRdKtOskx3xSs4 by gavcloud@sonomu.club
2023-08-07T18:17:30Z
0 likes, 0 repeats
@simon i feel your pain. I am similarly re-configuring a local dev environment and discovering all sorts of changes that need to be made before deploying to production. feels like i’m doing a ton of work in order to actually do work.
(DIR) Post #AYUmllNTJI9Df6PaDI by wordshaper@weatherishappening.network
2023-08-07T18:18:32Z
0 likes, 0 repeats
@simon The mistake you're trying to make is to explicitly set up the S3 bucket to serve static files. What you *actually* want to do, if the internet is anything to go by, is to try and set up the S3 bucket to be completely private and hidden. You'll fail, of course, because everyone does, and the bucket will then actually be publicly accessible and you'll be fine.
(DIR) Post #AYUnKrD5cImft2I18S by djh@chaos.social
2023-08-07T18:26:11Z
0 likes, 0 repeats
@simon With the AWS CDK we can now have re-usable infra as npm packages, like
https://github.com/aws-samples/aws-cdk-examples/blob/master/typescript/static-site/static-site.ts
I found that a bit tedious to set up once but then it's pretty neat to share infra like that 🙌
Fully agree, tho, that simple things should be easy ✨
(DIR) Post #AYUnZnWxZytKoohxfU by securopean@infosec.exchange
2023-08-07T18:28:20Z
0 likes, 0 repeats
@simon I think every tech product is doomed to add more and more features for edge cases until it becomes completely unusable.
(DIR) Post #AYUoV4j8JfZSesiK92 by carlmjohnson@mastodon.social
2023-08-07T18:39:25Z
0 likes, 0 repeats
@simon They need S4: *Super* Simple-Storage-Service.
(DIR) Post #AYUrNmHwltMnJ9D43k by percederberg@mastodonsweden.se
2023-08-07T19:11:24Z
0 likes, 0 repeats
@simon You may have good reasons to stay with AWS, but these days I find the smaller competitors are both cheaper and easier (for non-enterprise security requirements). Recommended for the next time.
Example: https://www.backblaze.com/cloud-storage
A good list of others can be found in the rclone docs: https://rclone.org/#providers
(DIR) Post #AYUstyLPaEADv3kIFs by fmeyer@hachyderm.io
2023-08-07T19:28:40Z
0 likes, 0 repeats
@simon because they want you to use cloudfront.
(DIR) Post #AYUt73ZdS4QJu1dbWK by josephscott@mastodon.social
2023-08-07T19:28:43Z
0 likes, 0 repeats
@simon I tend to assume that anything AWS is likely going to be possible, but will take me way longer to figure out than I would guess. I understand why now there are AWS-only specialists, it is a complex beast.
(DIR) Post #AYUue9sd7quwyJs1hI by offby1@wandering.shop
2023-08-07T19:48:10Z
0 likes, 0 repeats
@simon if you're interested in a concrete answer I'm happy to explain, but yeah, it's frustrating
(DIR) Post #AYUvu5wxbbTHN13iIS by lewiscowles1986@phpc.social
2023-08-07T20:01:54Z
0 likes, 0 repeats
@simon did AWS change anything?
(DIR) Post #AYUw8kSvlYYv5704Bs by simon@fedi.simonwillison.net
2023-08-07T20:04:27Z
0 likes, 0 repeats
@offby1 the specific problem I had here is that I was getting a permission denied error on my API call to set the JSON bucket policy - but setting it through the web console instead worked fine 🤷
(DIR) Post #AYUwKkP5p1Z2MevVVA by simon@fedi.simonwillison.net
2023-08-07T20:04:46Z
0 likes, 0 repeats
@lewiscowles1986 I wish I knew how to tell!
(DIR) Post #AYUwaDabanatE4gk5Y by offby1@wandering.shop
2023-08-07T20:09:58Z
0 likes, 0 repeats
@simon Ah, THAT I have no damn explanation for :D
I know why the policy exists to make it harder to make a public bucket, but I'm pretty sure that it's not intended to be expressed by way of API bugs :D
(DIR) Post #AYUyJLv9Yyag3DNwG0 by jakelazaroff@mastodon.social
2023-08-07T20:28:57Z
0 likes, 0 repeats
@simon i feel this exact sentiment but with basically all of AWS
(DIR) Post #AYVCxEJqdzglPrqSTw by lewiscowles1986@phpc.social
2023-08-07T23:13:39Z
0 likes, 0 repeats
@simon did you have to confirm making a bucket public, or changing acl of objects? (two recent AWS S3 changes)
(DIR) Post #AYVKrwSePa8eDRx572 by simon@fedi.simonwillison.net
2023-08-08T00:40:56Z
0 likes, 0 repeats
@lewiscowles1986 I was trying to do it through the API in the same way I have in the past - not sure how that maps to the various buttons I clicked in the web console
(DIR) Post #AYVZYDXIiSjgh5BCHQ by lewiscowles1986@phpc.social
2023-08-08T03:26:15Z
0 likes, 0 repeats
@simon I do it via terraform, and often find their docs very instructive:
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block.html
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object
With API changes, such as the public access block, alas, even IaC has gaps.
(DIR) Post #AYWtIi3HgRnGweyxPc by brendan@out.ruin.io
2023-08-08T18:42:37Z
0 likes, 0 repeats
@simon the current difficulty might be due to the recent change where aws dropped ACLs by default and enabled "prevent public access".
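
Added example, not written by anyone in the thread: an offline pre-flight check for the explanation offered in the last post, showing which Block Public Access settings stop a public-read bucket policy before the API call is attempted. The bucket name, the function names and the simplified test for "public" are assumptions made for illustration; whether this was the cause of the error described in the thread is not confirmed by the page.

```python
# Added example: offline pre-flight for a public-read S3 bucket policy.
# Keys mirror the PublicAccessBlockConfiguration structure of the S3 API.
NEW_BUCKET_DEFAULTS = {  # all four on: the "prevent public access" default
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True,
}

def public_read_policy(bucket):
    """Read-only policy for anonymous GETs; bucket name is caller-supplied."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{bucket}/*"}]}

def _wildcard(principal):
    # "*" or {"AWS": "*"} / {"AWS": ["*", ...]} all mean "anyone".
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False

def public_statements(policy):
    """Assumption: Allow + wildcard principal + no Condition means public.
    AWS's own evaluation is more detailed than this."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s for s in stmts if s.get("Effect") == "Allow"
            and _wildcard(s.get("Principal")) and not s.get("Condition")]

def preflight(policy, pab):
    """List the Block Public Access settings that would stop this policy."""
    if not public_statements(policy):
        return []
    problems = []
    if pab.get("BlockPublicPolicy"):
        problems.append("BlockPublicPolicy: PutBucketPolicy is rejected")
    if pab.get("RestrictPublicBuckets"):
        problems.append("RestrictPublicBuckets: anonymous reads stay denied")
    return problems

if __name__ == "__main__":
    # Constructed sample: hypothetical bucket with the default settings.
    for p in preflight(public_read_policy("example-bucket"), NEW_BUCKET_DEFAULTS):
        print(p)
```

The two ACL settings can stay enabled for a policy-only static site, so only the two policy-related settings are reported.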