Comments (6)
In the end, I wound up not needing to do the Policy Generator step because I used CloudFront as my CDN. However, before I went that route, I was able to just give my IAM for the adapter the following roles and get things working:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": "s3:ListBucket",
          "Resource": "arn:aws:s3:::my-s3-bucket.blog.assets"
        },
        {
          "Sid": "VisualEditor1",
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObjectAcl",
            "s3:GetObject",
            "s3:PutObjectVersionAcl",
            "s3:DeleteObject",
            "s3:PutObjectAcl"
          ],
          "Resource": "arn:aws:s3:::my-s3-bucket.blog.assets/*"
        }
      ]
    }
One thing I ran into that should also be noted in the README is that even if you give your blog these permissions and allow public ACLs on your S3 bucket, if your account follows AWS's recommendation of blocking public ACLs on S3 buckets, it will override the per-bucket setting and then this adapter will be unable to set any ACL value other than private on new items. (Specifically, you'll get an "access denied" error in the logs.) That was what got me to switch to CloudFront in the end, though even there I have the same IAM policy as above so my adapter can continue writing to the bucket, albeit now with the private ACL.
from ghost-storage-adapter-s3.
I have also run into it, not sure what to use
from ghost-storage-adapter-s3.
@christianreed do you have any thoughts on this?
from ghost-storage-adapter-s3.
Same here
from ghost-storage-adapter-s3.
Note that in this IAM policy we have both the ListBucket action on the bucket itself, and the GetObject action on the items in the bucket. I'm assuming one (or both?) of these is what was intended by the GetBucket permission in the README, which does not itself appear to exist.
from ghost-storage-adapter-s3.
@genuinezack Same here. With just IAM set up, it just works!
from ghost-storage-adapter-s3.
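The points raised in this thread (bucket-level versus object-level actions, the README's GetBucket, and account-level blocking of public ACLs) as an added JavaScript example. It is not code from ghost-storage-adapter-s3; `lintPolicy`, `aclAccepted`, the action table (limited to the actions named above) and the sample policy are constructed for illustration.

```javascript
// Added example, not code from ghost-storage-adapter-s3.
// Resource level of each S3 action named in this thread (assumed table, not exhaustive).
const ACTION_LEVEL = new Map([
  ["s3:ListBucket", "bucket"],
  ["s3:GetObject", "object"], ["s3:GetObjectAcl", "object"],
  ["s3:PutObject", "object"], ["s3:PutObjectAcl", "object"],
  ["s3:PutObjectVersionAcl", "object"], ["s3:DeleteObject", "object"],
]);

const asList = (v) => (Array.isArray(v) ? v : [v]);

// "arn:aws:s3:::bucket" is bucket level; "arn:aws:s3:::bucket/..." is object level.
function arnLevel(arn) {
  const m = /^arn:aws:s3:::([^/]+)(\/.*)?$/.exec(arn);
  if (!m) return "invalid";
  return m[2] ? "object" : "bucket";
}

// Findings for Allow statements: actions missing from the table (such as the
// README's s3:GetBucket) and actions paired with the wrong resource level.
function lintPolicy(policy) {
  const findings = [];
  for (const st of asList(policy.Statement)) {
    if (st.Effect !== "Allow") continue;
    for (const action of asList(st.Action)) {
      const level = ACTION_LEVEL.get(action);
      if (!level) {
        findings.push(`${st.Sid}: ${action} is not in the action table`);
      } else if (!asList(st.Resource).some((r) => arnLevel(r) === level)) {
        findings.push(`${st.Sid}: ${action} needs a ${level}-level ARN`);
      }
    }
  }
  return findings;
}

// BlockPublicAcls set at either the account or the bucket level applies, so a
// request carrying a public canned ACL is rejected with AccessDenied.
function aclAccepted(cannedAcl, accountBlocks, bucketBlocks) {
  const isPublic = ["public-read", "public-read-write", "authenticated-read"].includes(cannedAcl);
  return !(isPublic && (accountBlocks || bucketBlocks));
}

// Constructed sample: README-style action, and ListBucket scoped to objects only.
const sample = { Statement: [
  { Sid: "Readme", Effect: "Allow", Action: "s3:GetBucket", Resource: "arn:aws:s3:::example-bucket" },
  { Sid: "Objects", Effect: "Allow", Action: ["s3:ListBucket", "s3:PutObject"], Resource: "arn:aws:s3:::example-bucket/*" },
] };
console.log(lintPolicy(sample), aclAccepted("public-read", true, false));
```

Run against the policy posted in the first comment, `lintPolicy` returns no findings, and `aclAccepted("private", true, true)` is true, which matches the behaviour described there.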