Comments (9)
simonw
commented on September 28, 2024
Relevant boto3 documentation: https://boto3.amazonaws.com/v1/documentation/api/1.9.42/guide/s3-example-static-web-host.html
import boto3
# Create an S3 client
s3 = boto3.client("s3")
# Create the configuration for the website
website_configuration = {
"ErrorDocument": {"Key": "error.html"},
"IndexDocument": {"Suffix": "index.html"},
}
# Set the new policy on the selected bucket
s3.put_bucket_website(Bucket="my-bucket", WebsiteConfiguration=website_configuration)from s3-credentials.
simonw
commented on September 28, 2024
I think the --website option can default to error.html and index.html in the above, maybe providing separate --website-error= and --website-index= options for people who want to customize those.
from s3-credentials.
simonw
commented on September 28, 2024
I manually confirmed that turning off the "block public access" stuff and configuring the website settings still isn't enough to expose files uploaded to the bucket - you also need to add the following bucket policy (see #19):
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"PublicRead",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject","s3:GetObjectVersion"],
"Resource":["arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"]
}
]
}from s3-credentials.
simonw
commented on September 28, 2024
I'm going to always set them to index.html and error.html - I think those are perfectly sensible defaults. If someone really wants something else they can figure out how to do that outside of using this tool.
So I'll have a --website flag which implies --public and configures those.
from s3-credentials.
simonw
commented on September 28, 2024
Prototype:
diff --git a/s3_credentials/cli.py b/s3_credentials/cli.py
index 110c153..a9b1f84 100644
--- a/s3_credentials/cli.py
+++ b/s3_credentials/cli.py
@@ -252,6 +252,11 @@ def policy(buckets, read_only, write_only, prefix, extra_statements, public_buck
help="Make the created bucket public: anyone will be able to download files if they know their name",
is_flag=True,
)
+@click.option(
+ "--website",
+ help="Configure bucket to act as a website, using index.html and error.html",
+ is_flag=True,
+)
@click.option("--read-only", help="Only allow reading from the bucket", is_flag=True)
@click.option("--write-only", help="Only allow writing to the bucket", is_flag=True)
@click.option(
@@ -286,6 +291,7 @@ def create(
create_bucket,
prefix,
public,
+ website,
read_only,
write_only,
policy,
@@ -331,6 +337,9 @@ def create(
if not user_permissions_boundary and (policy or extra_statements):
user_permissions_boundary = "none"
+ if website:
+ public = True
+
s3 = None
iam = None
sts = None
@@ -376,6 +385,10 @@ def create(
if bucket_policy:
click.echo("... then attach the following bucket policy to it:")
click.echo(json.dumps(bucket_policy, indent=4))
+ if website:
+ click.echo(
+ "... then configure index.html and error.html website settings"
+ )
else:
s3.create_bucket(Bucket=bucket, **kwargs)
info = "Created bucket: {}".format(bucket)
@@ -388,6 +401,18 @@ def create(
Bucket=bucket, Policy=json.dumps(bucket_policy)
)
log("Attached bucket policy allowing public access")
+ if website:
+ s3.put_bucket_website(
+ Bucket=bucket,
+ WebsiteConfiguration={
+ "ErrorDocument": {"Key": "error.html"},
+ "IndexDocument": {"Suffix": "index.html"},
+ },
+ )
+ log(
+ "Configured website: IndexDocument=index.html, ErrorDocument=error.html"
+ )
+
# At this point the buckets definitely exist - create the inline policy for assume_role()
assume_role_policy = {}
if policy:from s3-credentials.
simonw
commented on September 28, 2024
Point of confusion: if you do this, you still need to change the overall URL you are using to access the bucket in order to get website behaviour: https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteEndpoints.html
http://bucket-name.s3-website.Region.amazonaws.com/
from s3-credentials.
simonw
commented on September 28, 2024
I used my prototype to create this: http://sfms-slides.s3-website.us-east-1.amazonaws.com/
Weirdly https://sfms-slides.s3-website.us-east-1.amazonaws.com/ (using https not http) doesn't seem to work for me.
from s3-credentials.
simonw
commented on September 28, 2024
https://docs.aws.amazon.com/AmazonS3/latest/userguide/website-hosting-custom-domain-walkthrough.html says:
Amazon S3 website endpoints do not support HTTPS or access points. If you want to use HTTPS, you can use Amazon CloudFront to serve a static website hosted on Amazon S3.
For more information, see How do I use CloudFront to serve a static website hosted on Amazon S3?
and Requiring HTTPS for communication between viewers and CloudFront.
from s3-credentials.
simonw
commented on September 28, 2024
Would be useful if this could output that URL as part of running the command, since figuring out the URL is tricky.
Could also return that URL from the s3-credentials list-buckets --details command - which would then also need to be able to figure out what region the bucket is in.
from s3-credentials.
Related Issues (20)
- Way to make an existing bucket public or private HOT 1
- Convert README into documentation website HOT 3
- Make it easier to add extra policy statements HOT 10
- Provide a `--profile` option to allow AWS profile selection HOT 3
- Using --policy should imply --user-permissions-boundary=none HOT 2
- s3-credentials.AmazonS3FullAccess has MaxSessionDuration 3600, should be 12 hours HOT 5
- KeyError if listing bucket with no items returned
- s3-credentials list-buckets --details should show region and website URL, if configured HOT 2
- `s3-credentials get-objects` command HOT 7
- `get-objects/put-objects` `--skip` and `--skip-hash` options HOT 1
- Add the options to add tags to the created resources HOT 3
- `set-public-policy` command HOT 5
- Add s3:PutObjectAcl to write policies HOT 3
- `s3-credentials delete-objects` command HOT 11
- Mysterious test failure in `test_put_objects` HOT 4
- debug-bucket command HOT 3
- Command to make a bucket public HOT 4
- `s3-credentials create name-of-bucket --create-bucket --public` fails with error HOT 4
- `s3-credentials list-bucket --urls` option HOT 1
- CI failures, including ImportError: cannot import name 'mock_s3' from 'moto' HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from s3-credentials.