buckup's People

Contributors

realorangeone, thibaudcolas, tm-kn

buckup's Issues

AccessDenied when creating bucket without buckup prefix

When creating a bucket for a production site with a compatible AWS CNAME, the bucket is created but AccessDenied is thrown when creating an access key for the user.

To recreate, run buckup using a bucket name without the buckup prefix, e.g. eg-media.site.ac.uk

SUMMARY:
        region: eu-west-1
        bucket_name: eg-media.site.ac.uk
        user_name: eg-media.site.ac.uk-s3-owner
        enable_versioning: True
        public_get_object_paths: frozenset({'images/*'})
        cors_origins: []
botocore.exceptions.ClientError: An error occurred 
(AccessDenied) when calling the CreateAccessKey operation: 
User: arn:aws:iam::118612681366:user/buckup-user is not 
authorized to perform: iam:CreateAccessKey on resource: user 
my-prod-media.site.ac.uk-s3-owner

Info:
Python 3.7.3
Version: 0.1a2

Allow user to specify directories which are allowed to be public instead of making the whole bucket public

E.g. when using Wagtail we only want to make the images folder public. documents or original_images should not be accessible by the public. To accomplish that we would need to ask the user for paths to open to the public, e.g.

Do you want to set up s3 policy bucket to allow s3:getObject on your bucket? [y/n]
>>> y
What paths do you want to allow s3:getObject on?
Please provide comma separated list of directories, e.g. "documents,images" or use
"*" to indicate the whole bucket.
>>> documents,images

That would create the following policy.

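        import json

        bucket_name = "example-bucket"  # placeholder; buckup would use the name given at the prompt

        # Public read access limited to the chosen directories.
        policy = json.dumps({
            "Version": "2012-10-17",
            "Statement": [{
                "Sid": "PublicGetObject",
                "Effect": "Allow",
                "Principal": "*",
                "Action": ["s3:GetObject"],
                "Resource": [
                    f"arn:aws:s3:::{bucket_name}/documents/*",
                    f"arn:aws:s3:::{bucket_name}/images/*",
                ],
            }],
        })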
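
An added example (not buckup's own code) of turning the comma-separated answer from the prompt above into the proposed policy; the function names and `example-bucket` are assumptions. Path segments containing `*` or `?` are rejected because S3 treats them as wildcards in a policy `Resource`, which would open more than the named directories.

```python
import json
import re

# Hypothetical helpers for illustration; not part of buckup.
# A segment may not contain '*' or '?', which act as wildcards in a Resource ARN.
_SAFE_SEGMENT = re.compile(r"^[A-Za-z0-9._\-]+$")


def parse_public_paths(answer):
    """Turn 'documents,images' or '*' into a sorted list of object key patterns."""
    parts = [p.strip().strip("/") for p in answer.split(",")]
    parts = [p for p in parts if p]
    if not parts:
        raise ValueError("no paths given")
    if "*" in parts:
        # Whole-bucket access must be an explicit, stand-alone choice.
        if len(parts) > 1:
            raise ValueError("'*' cannot be combined with other paths")
        return ["*"]
    patterns = set()
    for part in parts:
        for segment in part.split("/"):
            if segment in (".", "..") or not _SAFE_SEGMENT.match(segment):
                raise ValueError(f"unsafe path: {part!r}")
        patterns.add(part + "/*")
    return sorted(patterns)


def build_public_get_policy(bucket_name, answer):
    """Build the PublicGetObject bucket policy for the paths the user entered."""
    resources = [f"arn:aws:s3:::{bucket_name}/{p}" for p in parse_public_paths(answer)]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject"],
            "Resource": resources,
        }],
    }


if __name__ == "__main__":
    # 'example-bucket' is a constructed sample name.
    print(json.dumps(build_public_get_policy("example-bucket", "documents,images"), indent=2))
```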

Set bucket policy to authorise user to use bucket rather than using user policy

To limit the amount of IAM permissions the user has to have to create a bucket, we should set user permissions on the bucket itself, e.g.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowUserManageBucket",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::1111111:user/bucket-s3-user"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:ListBucketMultipartUploads",
                "s3:ListBucketVersions"
            ],
            "Resource": "arn:aws:s3:::bucket"
        },
        {
            "Sid": "AllowUserManageBucketObjects",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::1111111111:user/bucket-s3-user"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::bucket/*"
        }
    ]
}

Pypi version requires old version of buckup

When installing buckup from pypi, the version of boto is 1.7.84.

In the code here on GitHub it looks like it's using the latest version.

To recreate

  • make a fresh venv
  • pip install buckup
  • pip freeze > reqs.txt

Observe boto version 1.7.84

Workaround
pip install boto3==1.17.59

Fix
I imagine we just need a new pypi build released?

Bucket naming needs validation

Bucket names cannot, for example, include underscores (see https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-s3-bucket-naming-requirements.html for full naming requirements).

The "Bucket name?" prompt allows an invalid name but the creation will fail after the "Do you want to create a bucket with the above details?" prompt with:

botocore.exceptions.ClientError: An error occurred (InvalidBucketName) when calling the CreateBucket operation: The specified bucket is not valid.
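
An added example (not buckup's own code) of validating the name at the "Bucket name?" prompt so the failure surfaces before CreateBucket is called. The function names are assumptions, and the checks cover only the core naming rules (length, character set, label edges, IP-address form), not reserved prefixes or suffixes.

```python
import ipaddress
import re


def bucket_name_errors(name):
    """Return the naming problems found in `name`; an empty list means it passed."""
    errors = []
    if not 3 <= len(name) <= 63:
        errors.append("length must be 3-63 characters")
    if re.search(r"[^a-z0-9.-]", name):
        errors.append("only lowercase letters, digits, '.' and '-' are allowed")
    labels = name.split(".")
    if any(label == "" for label in labels):
        errors.append("must not start or end with '.' or contain '..'")
    if any(label and (label[0] == "-" or label[-1] == "-") for label in labels):
        errors.append("'-' must not be at the start, at the end, or next to '.'")
    try:
        ipaddress.IPv4Address(name)
        errors.append("must not be formatted as an IP address")
    except ValueError:
        pass  # not an IP address, which is what we want
    return errors


def ask_bucket_name(ask=input, say=print):
    """Repeat the prompt until the answer passes bucket_name_errors()."""
    while True:
        name = ask("Bucket name? ").strip()
        problems = bucket_name_errors(name)
        if not problems:
            return name
        for problem in problems:
            say(f"Invalid bucket name: {problem}")


if __name__ == "__main__":
    # Constructed sample names; the second is the one used elsewhere on this page.
    for sample in ("my_bucket", "eg-media.site.ac.uk", "192.168.5.4", "my-.bucket"):
        print(sample, bucket_name_errors(sample))
```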
