This repository has been archived by the owner on Jun 1, 2023. It is now read-only.

Update S3 Access Permissions for new AWS Policy #428

Open
wants to merge 5 commits into
base: main

jeffmaher
Member

@jeffmaher jeffmaher commented Apr 27, 2023

Changes

When I was running the initial setup Terraform for staging, it seems like there was a change in the default configuration of S3 buckets and the ACL setup config is no longer valid. This relates to a change that apparently arrived in April 2023 (this month), which disables ACLs by default.

For the state setup, it's fine to remove the ACL since the new default is to block public access, which is the desired config.

For the main S3 storage for the static site, it seems there are still issues in Terraform regarding the policy change that are still being added. See the following Terraform issues:

Screenshots

This is what was happening.

For the state setup:

image

After the fix, this worked:
image

For the main deployment setup:
image

After the fix, this worked:

image

Checklist

  • if changes filter/search functionality, adds or updates unit tests
  • if adds a new page, adds accessibility tests
  • if adds a new page or new interaction, adds e2e test
  • if adds a new page or new interaction, sends google analytics events and updates GA doc
  • if changes filter functionality, updates filters doc

@jeffmaher jeffmaher added the release-patch (Changes that fix something existing that was broken while maintaining backwards compatibility) label Apr 27, 2023
@jeffmaher jeffmaher changed the title from "Removed old S3 ACL config" to "Update S3 Access Permissions for new AWS Policy" Apr 27, 2023
Member Author

jeffmaher commented Apr 27, 2023

Added a new configuration for state storage and the static site S3 buckets. I linked to a few Terraform GitHub Issues in the main description of this Issue. This new configuration is a workaround until these issues are solved in Terraform and the AWS Provider.

One known issue is that there is a race condition in applying the storage_policy resource. If it fails at first, wait 5 minutes and then re-apply after the failure. The third linked issue in the description uses a timer to effectively build in this delay and that might be considered too.

@jeffmaher jeffmaher marked this pull request as ready for review April 27, 2023 14:54
@jeffmaher jeffmaher requested a review from a team as a code owner April 27, 2023 14:54
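
An added example, not the configuration from this pull request: one way to express the setup the comment above describes, with no ACL resources, access granted by bucket policy, and a timer in front of the policy to absorb the race. The bucket names, the resource types (including `aws_s3_bucket_policy` for `storage_policy`), the public-read policy for the static site and the 30s delay are assumptions.

```hcl
# Added example. Bucket names, resource labels and the delay are assumptions.
# State bucket: no aws_s3_bucket_acl resource; public access blocked explicitly.
resource "aws_s3_bucket" "state" {
  bucket = "example-terraform-state" # placeholder name
}

resource "aws_s3_bucket_public_access_block" "state" {
  bucket                  = aws_s3_bucket.state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Static site bucket: readers get access through the bucket policy, never an ACL.
resource "aws_s3_bucket" "site" {
  bucket = "example-static-site" # placeholder name
}

resource "aws_s3_bucket_public_access_block" "site" {
  bucket                  = aws_s3_bucket.site.id
  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = false # must be off before a public-read policy
  restrict_public_buckets = false
}

# Assumed cause of the race: the policy is applied before the access block
# change has taken effect. The timer builds in the wait (duration is a guess).
resource "time_sleep" "site_access_block" {
  depends_on      = [aws_s3_bucket_public_access_block.site]
  create_duration = "30s"
}

data "aws_iam_policy_document" "site_read" {
  statement {
    actions   = ["s3:GetObject"] # read objects only, no list or write
    resources = ["${aws_s3_bucket.site.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
  }
}

resource "aws_s3_bucket_policy" "storage_policy" {
  depends_on = [time_sleep.site_access_block]
  bucket     = aws_s3_bucket.site.id
  policy     = data.aws_iam_policy_document.site_read.json
}
```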