Comments (4)
Here's my prototype:
```python
import json

import botocore.exceptions
import click

# cli, common_boto3_options, make_client and policies are defined elsewhere
# in s3-credentials.


@cli.command()
@click.argument("bucket")
@common_boto3_options
def make_bucket_public(bucket, **boto_options):
    """
    Make a bucket public. All files will be visible to anyone who knows the URL.

        s3-credentials make-bucket-public my-bucket
    """
    s3 = make_client("s3", **boto_options)
    try:
        # Turn off all four public access block settings for this bucket
        print("Putting public access block")
        response1 = s3.put_public_access_block(
            Bucket=bucket,
            PublicAccessBlockConfiguration={
                "BlockPublicAcls": False,
                "IgnorePublicAcls": False,
                "BlockPublicPolicy": False,
                "RestrictPublicBuckets": False,
            },
        )
        # Attach the policy that allows anyone to GET objects in the bucket
        print("Putting bucket policy")
        response2 = s3.put_bucket_policy(
            Bucket=bucket,
            Policy=json.dumps(policies.bucket_policy_allow_all_get(bucket)),
        )
    except botocore.exceptions.ClientError as ex:
        # Prototype debugging aid: dump the full error details to stderr
        click.echo(ex.__dict__, err=True)
        raise click.ClickException(ex)
    click.echo(json.dumps(response1, indent=4, default=str))
    click.echo(json.dumps(response2, indent=4, default=str))
```
I think it's possible the `s3-credentials create name-of-bucket --create-bucket --public` command doesn't work correctly because it doesn't do the `s3.put_public_access_block` bit.
I asked ChatGPT what all of those boolean flags meant and it said:
> The `PublicAccessBlockConfiguration` settings are used to manage public access to your S3 bucket. Each boolean option in this configuration controls a specific aspect of public access:
>
> BlockPublicAcls:
> - When set to `True`, this setting prevents the application of any new public Access Control Lists (ACLs) to the bucket or its objects. It doesn't change the existing ACLs but blocks any attempt to put a new ACL that grants public access.
> - When set to `False`, it allows the application of new public ACLs to the bucket and its objects.
>
> IgnorePublicAcls:
> - When set to `True`, this setting ignores any public ACLs on the bucket and its objects, effectively treating them as private. Even if an object has a public ACL, it won't be publicly accessible.
> - When set to `False`, it respects the public ACLs on the bucket and its objects, allowing public access if a public ACL is set.
>
> BlockPublicPolicy:
> - When set to `True`, this setting prevents the application of any new public bucket policies to the bucket. It blocks attempts to put a new bucket policy that grants public access.
> - When set to `False`, it allows the application of new public bucket policies to the bucket.
>
> RestrictPublicBuckets:
> - When set to `True`, this setting restricts access to the bucket to only AWS services and authorized users within the bucket owner's account, even if the bucket has a public policy. It effectively blocks public access granted by bucket policies.
> - When set to `False`, it allows public access granted by bucket policies.
>
> By configuring these settings, you can control the level of public access to your S3 bucket and its objects, enhancing the security of your data. For example, setting all options to `True` provides the strictest level of access control, ensuring that the bucket and its objects are not publicly accessible under any circumstances.

So I think they should all be `False` if a bucket is going to serve public files.
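An added example, not code from s3-credentials or from the comments above: an offline check that predicts whether a public-read bucket policy would take effect under a given `PublicAccessBlockConfiguration`, which is the interaction the prototype and the `--public` failure hinge on. The function names and the sample policy are constructed for illustration. It models only the two policy-related flags at bucket level, matches action names exactly, and treats any statement with a `Condition` as non-public.

```python
# Constructed sample: a bucket policy letting anyone GET objects (bucket name is a placeholder).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}
ALL_OFF = dict.fromkeys(
    ["BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets"], False)


def as_list(value):
    """IAM policy JSON allows a single item wherever a list is allowed."""
    return value if isinstance(value, list) else [value]


def policy_is_public_read(policy):
    """True if an unconditional Allow statement grants object reads to everyone."""
    for stmt in as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        anyone = "*" in as_list(principal)
        reads = any(a in ("s3:GetObject", "s3:*", "*") for a in as_list(stmt.get("Action", [])))
        if stmt.get("Effect") == "Allow" and anyone and reads and not stmt.get("Condition"):
            return True
    return False


def predict_public_policy(pab, policy):
    """Outcome of putting `policy` on a bucket whose block configuration is `pab`."""
    pab = pab or {}  # None: no bucket-level configuration, so no flag is enabled
    if not policy_is_public_read(policy):
        return "not-public"
    if pab.get("BlockPublicPolicy"):
        return "put-rejected"  # put_bucket_policy is refused
    if pab.get("RestrictPublicBuckets"):
        return "attached-but-restricted"  # policy stored, anonymous reads denied
    return "public"


def audit(buckets):
    """Map each bucket name to its predicted outcome; `buckets` is {name: (pab, policy)}."""
    return {name: predict_public_policy(pab, pol) for name, (pab, pol) in buckets.items()}
```

Running `audit` over an inventory of `(public access block, policy)` pairs gives a quick list of buckets whose outcome is `public`, which is the set to review for intent.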
Related: