Instructions to set up public access to S3 #86
Conversation
RobinDaugherty
changed the title
README.md
Outdated
|
|
||
| Ensure you have the minimum required permissions configured for the user (accessKeyId). A bare minimum policy should have the following permissions: | ||
| The environment in which the `ember deploy` command is run (outside of development) needs to have an AWS account with a policy that allows writing to the S3 bucket. |
There was a problem hiding this comment.
the only note I'd make here is to remove (outside of development), I believe that especially in early stages a lot of people will deploy from their own laptop so I think this could be confusing
There was a problem hiding this comment.
Good point. I've reworded this to be more clear.
README.md
Outdated
|
|
||
| Ensure you have the minimum required permissions configured for the user (accessKeyId). A bare minimum policy should have the following permissions: | ||
| The environment in which the `ember deploy` command is run (outside of development) needs to have an AWS account with a policy that allows writing to the S3 bucket. | ||
| The best way to do this is to create an IAM user to be the "deployer", and place its security credentials (Access Key ID and Access Secret) in the environment on the server or CI environment where deployment takes place. |
There was a problem hiding this comment.
maybe replace server with machine to address the concern I was expressing above? (open to suggestions on wording)
There was a problem hiding this comment.
Yeah, I was struggling with "server" vs "machine". I changed it to "machine", I think it makes sense.
|
hi @RobinDaugherty, thanks a lot for this! it looks great I just made a couple of tiny notes, let me know what you think! |
|
@RobinDaugherty this looks great could you squash the commits? thanks again! |
|
nevermind! I can do it here :D I always forget |
The existing documentation included some details on the policy object to provide access to the deployment script, but it seemed a little ambiguous. I added some wording to make it obvious that the deployment script needs to have its own user with
Putpermission to the bucket, and that the policy should be applied to that user account.I added an example policy to help someone provide access to the S3 bucket so that they can serve the assets to users on the web.
The existing policy included < and > around the example string that should be replaced, but this didn't really make it stand out, and the text explaining that it needs to be replaced wasn't being formatted correctly (it looked like an HTML tag, so it was either being suppressed by Github's markdown-to-HTML processor).