-
I would not create a second CloudFront distribution, just a second S3 bucket (and then use the URL of the bucket). For example:

```yaml
# serverless.yml
provider:
    name: aws
    # ...
    environment:
        # Environment variable to know the name of the S3 bucket
        AWS_PUBLIC_BUCKET: !Ref UploadedFiles
    iamRoleStatements:
        # Allow Lambda to read and write files in the S3 bucket (remove that part if that's not necessary)
        - Effect: Allow
          Action: s3:*
          Resource:
              - !Sub '${UploadedFiles.Arn}' # the storage bucket
              - !Sub '${UploadedFiles.Arn}/*' # everything inside

# [...]

resources:
    Resources:
        # The S3 bucket to store public user files (e.g. user uploaded files)
        UploadedFiles:
            Type: AWS::S3::Bucket
            Properties:
                # CORS policy
                CorsConfiguration:
                    CorsRules:
                        - AllowedOrigins: ['*']
                          AllowedHeaders: ['*']
                          AllowedMethods: [GET, PUT, POST, DELETE, HEAD]
                          MaxAge: 3000
        # The policy that makes the bucket publicly readable
        UploadedFilesBucketPolicy:
            Type: AWS::S3::BucketPolicy
            Properties:
                Bucket: !Ref UploadedFiles # References the bucket we defined above
                PolicyDocument:
                    Statement:
                        - Effect: Allow
                          Principal: '*' # everyone
                          Action: s3:GetObject # to read
                          Resource: !Join ['/', [!GetAtt UploadedFiles.Arn, '*']] # things in the bucket
```

The example above should work with the Laravel docs here: https://bref.sh/docs/frameworks/laravel.html#public-files
-
For everyone ending up here, this is what worked for me:

```yaml
# serverless.yml
provider:
    name: aws
    iam:
        role:
            statements:
                - Effect: Allow
                  Action: s3:*
                  Resource:
                      - Fn::GetAtt: [PublicStorage, Arn]
                      - Fn::Join: ['', [Fn::GetAtt: [PublicStorage, Arn], '/*']]
                      - Fn::GetAtt: [PrivateStorage, Arn]
                      - Fn::Join: ['', [Fn::GetAtt: [PrivateStorage, Arn], '/*']]

# [...]

resources:
    Resources:
        PrivateStorage:
            Type: AWS::S3::Bucket
        PublicStorage:
            Type: AWS::S3::Bucket
            Properties:
                PublicAccessBlockConfiguration:
                    BlockPublicAcls: false
                    BlockPublicPolicy: false
                    IgnorePublicAcls: false
                    RestrictPublicBuckets: false
                OwnershipControls:
                    Rules:
                        - ObjectOwnership: BucketOwnerPreferred
                CorsConfiguration:
                    CorsRules:
                        - AllowedOrigins: ['*']
                          AllowedHeaders: ['*']
                          AllowedMethods: [GET, PUT, POST, DELETE, HEAD]
                          MaxAge: 3000
                          ExposedHeaders:
                              - x-amz-server-side-encryption
                              - x-amz-request-id
                              - x-amz-id-2

# [...]

plugins:
    - ./vendor/bref/bref
```
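A tighter variant of the two configurations above, as an added example that is not from either poster or from the Bref docs: public read comes from a bucket policy only, so the ACL-related Block Public Access settings stay on, and the Lambda role gets object-level actions instead of `s3:*`. It assumes the application uploads without per-object ACLs, that browsers only read from the public bucket, and that the listed actions are all the app needs; `PublicStorageReadPolicy` and `https://app.example.com` are placeholder names.

```yaml
# serverless.yml (added example; bucket names reuse PublicStorage / PrivateStorage from the reply above)
provider:
    name: aws
    iam:
        role:
            statements:
                # Object-level access only, instead of s3:* (assumed sufficient for the app)
                - Effect: Allow
                  Action:
                      - s3:GetObject
                      - s3:PutObject
                      - s3:DeleteObject
                  Resource:
                      - !Sub '${PublicStorage.Arn}/*'
                      - !Sub '${PrivateStorage.Arn}/*'
                # Listing is a bucket-level action, so it targets the bucket ARN itself
                - Effect: Allow
                  Action: s3:ListBucket
                  Resource:
                      - !GetAtt PublicStorage.Arn
                      - !GetAtt PrivateStorage.Arn

resources:
    Resources:
        # No overrides: the private bucket keeps Block Public Access fully enabled
        PrivateStorage:
            Type: AWS::S3::Bucket
        PublicStorage:
            Type: AWS::S3::Bucket
            Properties:
                PublicAccessBlockConfiguration:
                    BlockPublicAcls: true        # reject uploads that carry a public ACL
                    IgnorePublicAcls: true       # ignore any public ACL already present
                    BlockPublicPolicy: false     # must be off for the policy below to be accepted
                    RestrictPublicBuckets: false # must be off for anonymous reads to be served
                CorsConfiguration:
                    CorsRules:
                        - AllowedOrigins: ['https://app.example.com'] # placeholder: your site's origin
                          AllowedMethods: [GET, HEAD] # assumes uploads go through Lambda, not the browser
                          MaxAge: 3000
        # Hypothetical resource name; grants anonymous read of objects and nothing else
        PublicStorageReadPolicy:
            Type: AWS::S3::BucketPolicy
            Properties:
                Bucket: !Ref PublicStorage
                PolicyDocument:
                    Statement:
                        - Effect: Allow
                          Principal: '*'
                          Action: s3:GetObject # read only: no listing, no writes
                          Resource: !Sub '${PublicStorage.Arn}/*'
```

If the application does set a public ACL on upload, `BlockPublicAcls: true` will cause those uploads to be rejected, so the upload path has to stop sending ACLs before this variant is deployed.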
-
Hi there!
I've been going through the documentation of this wonderful tool, but I'm struggling for ideas on how to provide public access to user uploaded files.
For example, the Laravel documentation describes creating another S3 bucket to store these files:
https://bref.sh/docs/frameworks/laravel.html#file-storage-on-s3
But it doesn't cover how to provide public access to them, which is usually done through a symlink between the /public and /storage directories. The section of the documentation labeled "Public files" should really be labeled "Upload files" or "Private user storage", because no part of it describes how to make it public.
I looked through the documentation of the server-side-website construct of the lift plugin, but it only covers static assets. The storage construct appears to only cover private files as well.
If I wanted to provide both public and private storage of user uploaded files, should I be manually creating a second CloudFront distribution with a public folder of the S3 storage bucket as the origin?