torchbox / buckup
Creating S3 buckets for your site with ease.
Home Page: https://pypi.org/project/buckup/
License: BSD 3-Clause "New" or "Revised" License
When creating a bucket for a production site with a compatible AWS CNAME, the bucket is created but AccessDenied is thrown when creating an access key for the user.
To recreate, run buckup using a bucket name without the buckup prefix: eg-media.site.ac.uk
SUMMARY:
region: eu-west-1
bucket_name: eg-media.site.ac.uk
user_name: eg-media.site.ac.uk-s3-owner
enable_versioning: True
public_get_object_paths: frozenset({'images/*'})
cors_origins: []
botocore.exceptions.ClientError: An error occurred
(AccessDenied) when calling the CreateAccessKey operation:
User: arn:aws:iam::118612681366:user/buckup-user is not
authorized to perform: iam:CreateAccessKey on resource: user
my-prod-media.site.ac.uk-s3-owner
Info:
Python 3.7.3
Version: 0.1a2
E.g. when using Wagtail we only want to make the images folder public. documents or original_images should not be accessible by the public. To accomplish that we would need to ask the user for paths to open to the public, e.g.
Do you want to set up s3 policy bucket to allow s3:getObject on your bucket? [y/n]
>>> y
What paths do you want to allow s3:getObject on?
Please provide comma separated list of directories, e.g. "documents,images" or use
"*" to indicate the whole bucket.
>>> documents,images
That would create the following policy.
import json

# {bucket_name} is a placeholder for the bucket being created.
policy = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicGetObject",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject"],
        "Resource": [
            "arn:aws:s3:::{bucket_name}/documents/*",
            "arn:aws:s3:::{bucket_name}/images/*",
        ]
    }],
})
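As an added example (not buckup's own code), here is one way to turn the answer to the path prompt above into the PublicGetObject policy while rejecting wildcards and traversal segments that would widen what becomes public. The function names and the bucket name `example-bucket` are assumptions made for illustration.

```python
import json
import re

# Hypothetical helpers, not part of buckup. One directory-name segment:
# letters, digits, underscore, hyphen and dot only.
_SEGMENT = re.compile(r"^[A-Za-z0-9_\-.]+$")


def parse_public_paths(answer):
    """Turn the prompt answer ("documents,images" or "*") into key patterns."""
    items = [p.strip().strip("/") for p in answer.split(",")]
    items = [p for p in items if p]
    if not items:
        raise ValueError("no paths given")
    if "*" in items:
        # Opening the whole bucket must be an explicit, stand-alone choice.
        if len(items) > 1:
            raise ValueError('"*" cannot be combined with other paths')
        return ["*"]
    patterns = []
    for item in items:
        segments = item.split("/")
        # Reject wildcards, empty segments and "."/".." so a typo such as
        # "im*" cannot silently publish more than the intended directory.
        if not all(_SEGMENT.match(s) and s not in (".", "..") for s in segments):
            raise ValueError("invalid path: %r" % item)
        patterns.append(item + "/*")
    return sorted(set(patterns))


def build_public_get_policy(bucket_name, answer):
    """Build the bucket policy dict that allows anonymous s3:GetObject."""
    resources = ["arn:aws:s3:::%s/%s" % (bucket_name, p)
                 for p in parse_public_paths(answer)]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject"],
            "Resource": resources,
        }],
    }


if __name__ == "__main__":
    # Constructed sample input: bucket name and answer are made up.
    print(json.dumps(build_public_get_policy("example-bucket", "documents, images/"), indent=2))
```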
To limit the amount of IAM permissions the user has to have to create a bucket, we should set user permissions on the bucket itself, e.g.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowUserManageBucket",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::1111111:user/bucket-s3-user"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:ListBucketMultipartUploads",
                "s3:ListBucketVersions"
            ],
            "Resource": "arn:aws:s3:::bucket"
        },
        {
            "Sid": "AllowUserManageBucketObjects",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::1111111111:user/bucket-s3-user"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::bucket/*"
        }
    ]
}
When installing buckup from pypi, the version of boto is 1.7.84.
In the code here on github it looks like it's using the latest version.
To recreate
Observe boto version 1.7.84
Workaround
pip install boto3==1.17.59
Fix
I imagine we just need a new pypi build released?
Bucket names cannot, for example, include underscores (see https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-s3-bucket-naming-requirements.html for full naming requirements).
The "Bucket name?" prompt allows an invalid name but the creation will fail after the "Do you want to create a bucket with the above details?" prompt with:
botocore.exceptions.ClientError: An error occurred (InvalidBucketName) when calling the CreateBucket operation: The specified bucket is not valid.