Comments (9)
Relevant boto3
documentation: https://boto3.amazonaws.com/v1/documentation/api/1.9.42/guide/s3-example-static-web-host.html
import boto3
# Create an S3 client
s3 = boto3.client("s3")
# Create the configuration for the website
website_configuration = {
"ErrorDocument": {"Key": "error.html"},
"IndexDocument": {"Suffix": "index.html"},
}
# Set the new policy on the selected bucket
s3.put_bucket_website(Bucket="my-bucket", WebsiteConfiguration=website_configuration)
from s3-credentials.
I think the --website
option can default to error.html
and index.html
in the above, maybe providing separate --website-error=
and --website-index=
options for people who want to customize those.
from s3-credentials.
I manually confirmed that turning off the "block public access" stuff and configuring the website settings still isn't enough to expose files uploaded to the bucket - you also need to add the following bucket policy (see #19):
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"PublicRead",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject","s3:GetObjectVersion"],
"Resource":["arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"]
}
]
}
from s3-credentials.
I'm going to always set them to index.html
and error.html
- I think those are perfectly sensible defaults. If someone really wants something else they can figure out how to do that outside of using this tool.
So I'll have a --website
flag which implies --public
and configures those.
from s3-credentials.
Prototype:
diff --git a/s3_credentials/cli.py b/s3_credentials/cli.py
index 110c153..a9b1f84 100644
--- a/s3_credentials/cli.py
+++ b/s3_credentials/cli.py
@@ -252,6 +252,11 @@ def policy(buckets, read_only, write_only, prefix, extra_statements, public_buck
help="Make the created bucket public: anyone will be able to download files if they know their name",
is_flag=True,
)
+@click.option(
+ "--website",
+ help="Configure bucket to act as a website, using index.html and error.html",
+ is_flag=True,
+)
@click.option("--read-only", help="Only allow reading from the bucket", is_flag=True)
@click.option("--write-only", help="Only allow writing to the bucket", is_flag=True)
@click.option(
@@ -286,6 +291,7 @@ def create(
create_bucket,
prefix,
public,
+ website,
read_only,
write_only,
policy,
@@ -331,6 +337,9 @@ def create(
if not user_permissions_boundary and (policy or extra_statements):
user_permissions_boundary = "none"
+ if website:
+ public = True
+
s3 = None
iam = None
sts = None
@@ -376,6 +385,10 @@ def create(
if bucket_policy:
click.echo("... then attach the following bucket policy to it:")
click.echo(json.dumps(bucket_policy, indent=4))
+ if website:
+ click.echo(
+ "... then configure index.html and error.html website settings"
+ )
else:
s3.create_bucket(Bucket=bucket, **kwargs)
info = "Created bucket: {}".format(bucket)
@@ -388,6 +401,18 @@ def create(
Bucket=bucket, Policy=json.dumps(bucket_policy)
)
log("Attached bucket policy allowing public access")
+ if website:
+ s3.put_bucket_website(
+ Bucket=bucket,
+ WebsiteConfiguration={
+ "ErrorDocument": {"Key": "error.html"},
+ "IndexDocument": {"Suffix": "index.html"},
+ },
+ )
+ log(
+ "Configured website: IndexDocument=index.html, ErrorDocument=error.html"
+ )
+
# At this point the buckets definitely exist - create the inline policy for assume_role()
assume_role_policy = {}
if policy:
from s3-credentials.
Point of confusion: if you do this, you still need to change the overall URL you are using to access the bucket in order to get website behaviour: https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteEndpoints.html
http://bucket-name.s3-website.Region.amazonaws.com/
from s3-credentials.
I used my prototype to create this: http://sfms-slides.s3-website.us-east-1.amazonaws.com/
Weirdly https://sfms-slides.s3-website.us-east-1.amazonaws.com/ (using https
not http
) doesn't seem to work for me.
from s3-credentials.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/website-hosting-custom-domain-walkthrough.html says:
Amazon S3 website endpoints do not support HTTPS or access points. If you want to use HTTPS, you can use Amazon CloudFront to serve a static website hosted on Amazon S3.
For more information, see How do I use CloudFront to serve a static website hosted on Amazon S3?
and Requiring HTTPS for communication between viewers and CloudFront.
from s3-credentials.
Would be useful if this could output that URL as part of running the command, since figuring out the URL is tricky.
Could also return that URL from the s3-credentials list-buckets --details
command - which would then also need to be able to figure out what region the bucket is in.
from s3-credentials.
Related Issues (20)
- Way to make an existing bucket public or private HOT 1
- Convert README into documentation website HOT 3
- Make it easier to add extra policy statements HOT 10
- Provide a `--profile` option to allow AWS profile selection HOT 3
- Using --policy should imply --user-permissions-boundary=none HOT 2
- s3-credentials.AmazonS3FullAccess has MaxSessionDuration 3600, should be 12 hours HOT 5
- KeyError if listing bucket with no items returned
- s3-credentials list-buckets --details should show region and website URL, if configured HOT 2
- `s3-credentials get-objects` command HOT 7
- `get-objects/put-objects` `--skip` and `--skip-hash` options HOT 1
- Add the options to add tags to the created resources HOT 3
- `set-public-policy` command HOT 5
- Add s3:PutObjectAcl to write policies HOT 3
- `s3-credentials delete-objects` command HOT 11
- Mysterious test failure in `test_put_objects` HOT 4
- debug-bucket command HOT 3
- Command to make a bucket public HOT 4
- `s3-credentials create name-of-bucket --create-bucket --public` fails with error HOT 4
- `s3-credentials list-bucket --urls` option HOT 1
- CI failures, including ImportError: cannot import name 'mock_s3' from 'moto' HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from s3-credentials.