Bucket (and file?) policies about sixtyfour HOT 6 OPEN

My super hot take about this is that we should totally avoid bucket ACLs, which I believe is possible. I think they're a legacy feature that has been replaced by Policies.

from sixtyfour.

I like that take. Makes sense, I can see there's a number of AWS docs pages that say ACLs are deprecated.

I googled around a bit and don't see it: What's the process for managing permissions for buckets then? We can do policies stuff for users, groups, roles, but not sure how it's done for buckets.

from sixtyfour.

removed the 2 bucket acl fxns

from sixtyfour.

I think this is where we should get really opinionated. It appears there are both IAM Policies that can govern bucket access, and Bucket Policies that apply to individual buckets: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html. I think we should abstract these details away from end users, and enable the following functionality:

• A function to make a bucket publicly open on the internet for anyone to read from.
• Some functionality where you can get a public file's public URL.
• A function to allow a specific user/group/role to read from a bucket.
• A function to allow a specific user/group/role to read and write from a bucket.

It would be cool if for these use cases the end user didn't have to worry about policies, and sixtyfour could create, find, and assign the appropriate policies.

from sixtyfour.

Sorry for the delay. Okay, so maybe the functions would look like:

• aws_bucket_as_public()
• aws_file_url(type = "private") or aws_file_url(type = "public")
• aws_group(name="users") %>% aws_bucket_allow_read()
• aws_group(name="users") %>% aws_bucket_allow_read_write()

Thoughts?

from sixtyfour.

@seankross #21 may be the same as

Some functionality where you can get a public file's public URL

at least related

from sixtyfour.