Public Access about serverless-s3-sync (OPEN)

k1low commented on July 28, 2024
Public Access

from serverless-s3-sync.

Comments (6)

zaikin-andrew commented on July 28, 2024 1

@k1LoW also would be cool to add

 s3Options: {
    accessKeyId: "your s3 key",
    secretAccessKey: "your s3 secret"
}

from serverless cli profile. I can't sync buckets without public access.

k1LoW commented on July 28, 2024

Hi @zaikin-andrew.

I have Access Denied when trying sync data

Which do you want to do?

  1. want to access S3 objects via browser.
  2. want to access S3 objects via aws-cli with IAM.
  3. other

My yml file is here https://github.com/BestMood-Tech/media-shop-service/blob/refactoring/serverless.yml

I cannot access your yml file (404). Could you paste your yml into the comment area?

zaikin-andrew commented on July 28, 2024

@k1LoW

Which do you want to do?

  1. want to access S3 objects via aws-cli with IAM.

service: bmt-media-shop-service-refactor

provider:
  name: aws
  runtime: nodejs6.10
  region: eu-central-1
  profile: serverless-profile


  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - s3:GetObject
        - s3:PutObject
        - s3:PutObjectAcl
        - s3:ListBucket
        - s3:DeleteObject
        - s3:ListMultipartUploadParts
        - s3:RestoreObject
      Condition:
        StringEquals:
          s3:x-amz-acl:
          - public-read-write
      Resource:
        Fn::Join:
          - ""
          - - "arn:aws:s3:::*"
    - Effect: "Allow"
      Action:
        - dynamodb:DescribeTable
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:DeleteItem
        - dynamodb:UpdateItem
      Resource: "*"

  environment:
    BUCKET: ${self:service}-templates
    PDF_BUCKET: ${self:service}-pdf
    REVIEW_TABLE: ${self:service}-review
    PROMOCODE_TABLE: ${self:service}-promocode
    USER_TABLE: ${self:service}-user
    ORDER_TABLE: ${self:service}-order

package:
  include:
    - wkhtmltopdf

custom:
  dynamodb:
    start:
      port: 8000
      inMemory: true
      migrate: true
  s3:
    port: 8800
    directory: /tmp
    cors: true
  s3Sync:
    - bucketName: ${self:provider.environment.BUCKET}
      localDir: templates

functions:
  auth:
    handler: api/auth/handler.auth

# ================== Invoices =====================

  printInvoice:
    handler: api/invoice/handler.print
    events:
      - http:
          path: invoice/print/{id}
          method: get
          integration: lambda
          cors: true
          authorizer:
            name: auth
            resultTtlInSeconds: 0
          response:
            headers:
              Access-Control-Allow-Origin: "'*'"
              Content-Type: "'application/json'"
            template: $input.json('$')

# ================== Promocodes =====================

  createPromocode:
    handler: api/promocode/handler.create
    events:
      - http:
          path: promocode/{userId}
          method: post
          integration: lambda
          cors: true
          authorizer:
            name: auth
            resultTtlInSeconds: 0
          response:
            headers:
              Access-Control-Allow-Origin: "'*'"
              Content-Type: "'application/json'"
            template: $input.json('$')


  checkPromocode:
      handler: api/promocode/handler.check
      events:
        - http:
            path: promocode/{userId}
            method: put
            integration: lambda
            cors: true
            authorizer:
              name: auth
              resultTtlInSeconds: 0
            response:
              headers:
                Access-Control-Allow-Origin: "'*'"
                Content-Type: "'application/json'"
              template: $input.json('$')

  getPromocode:
      handler: api/promocode/handler.get
      events:
        - http:
            path: promocode/{userId}
            method: get
            integration: lambda
            cors: true
            authorizer:
              name: auth
              resultTtlInSeconds: 0
            response:
              headers:
                Access-Control-Allow-Origin: "'*'"
                Content-Type: "'application/json'"
              template: $input.json('$')

  removePromocode:
    handler: api/promocode/handler.remove
    events:
      - http:
          path: promocode/{userId}
          method: delete
          integration: lambda
          cors: true
          authorizer:
            name: auth
            resultTtlInSeconds: 0
          response:
            headers:
              Access-Control-Allow-Origin: "'*'"
              Content-Type: "'application/json'"
            template: $input.json('$')

# ================== Profiles =====================

  getAllItems:
    handler: api/auth/handler.getAll
    events:
      - http:
          path: api/profiles
          method: get
          integration: lambda
          cors: true
          authorizer:
            name: auth
            resultTtlInSeconds: 0
          response:
            headers:
              Access-Control-Allow-Origin: "'*'"
              Content-Type: "'application/json'"
            template: $input.json('$')

  getProfile:
    handler: api/auth/handler.findOrCreate
    events:
      - http:
          path: api/profile
          method: post
          integration: lambda
          cors: true
          authorizer:
            name: auth
            resultTtlInSeconds: 0
          response:
            headers:
              Access-Control-Allow-Origin: "'*'"
              Content-Type: "'application/json'"
            template: $input.json('$')

  updateProfile:
    handler: api/auth/handler.update
    events:
      - http:
          method: put
          path: api/profile/{id}
          cors: true
          integration: lambda
          authorizer:
            name: auth
            resultTtlInSeconds: 0
          response:
            headers:
              Access-Control-Allow-Origin: "'*'"
              Content-Type: "'application/json'"
            template: $input.json('$')

# ================== Review =====================

  addReview:
    handler: api/review/handler.add
    events:
      - http:
          path: review
          method: post
          integration: lambda
          cors: true
          response:
            headers:
              Access-Control-Allow-Origin: "'*'"
              Content-Type: "'application/json'"
            template: $input.json('$')

  getReviews:
      handler: api/review/handler.getByProductID
      events:
        - http:
            path: review/{productID}
            method: get
            integration: lambda
            cors: true
            response:
              headers:
                Access-Control-Allow-Origin: "'*'"
                Content-Type: "'application/json'"
              template: $input.json('$')

# ================== Orders =====================

  createOrder:
    handler: api/order/handler.createOrder
    events:
      - http:
          method: post
          path: api/order
          cors: true
          integration: lambda
          authorizer:
            name: auth
            resultTtlInSeconds: 0
          response:
            headers:
              Access-Control-Allow-Origin: "'*'"
              Content-Type: "'application/json'"
            template: $input.json('$')

  getByProfileId:
      handler: api/order/handler.getByProfileId
      events:
        - http:
            method: get
            path: api/order/getByProfileId/{id}
            cors: true
            integration: lambda
            authorizer:
              name: auth
              resultTtlInSeconds: 0
            response:
              headers:
                Access-Control-Allow-Origin: "'*'"
                Content-Type: "'application/json'"
              template: $input.json('$')

  getById:
      handler: api/order/handler.getById
      events:
        - http:
            method: get
            path: api/order/getById/{id}
            cors: true
            integration: lambda
            authorizer:
              name: auth
              resultTtlInSeconds: 0
            response:
              headers:
                Access-Control-Allow-Origin: "'*'"
                Content-Type: "'application/json'"
              template: $input.json('$')

  getByRangeDates:
    handler: api/order/handler.getByRangeDates
    events:
      - http:
          path: api/order/getByRangeDates
          method: get
          integration: lambda
          cors: true
          response:
            headers:
              Access-Control-Allow-Origin: "'*'"
              Content-Type: "'application/json'"
            template: $input.json('$')

resources:
  Resources:
    PdfBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:provider.environment.PDF_BUCKET}
    TemplatesBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:provider.environment.BUCKET}
    PromocodeDynamoDb:
      Type: AWS::DynamoDB::Table
      DeletionPolicy: Retain
      Properties:
        AttributeDefinitions:
          -
            AttributeName: id
            AttributeType: S
        KeySchema:
          -
            AttributeName: id
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
        StreamSpecification:
          StreamViewType: NEW_AND_OLD_IMAGES
        TableName: ${self:provider.environment.PROMOCODE_TABLE}

    UsersDynamoDb:
      Type: AWS::DynamoDB::Table
      Properties:
        TableName: ${self:provider.environment.USER_TABLE}
        AttributeDefinitions:
          - AttributeName: id
            AttributeType: S
        KeySchema:
          - AttributeName: id
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
        StreamSpecification:
          StreamViewType: NEW_AND_OLD_IMAGES

    ReviewsDynamoDBTable:
      Type: AWS::DynamoDB::Table
      Properties:
        TableName: ${self:provider.environment.REVIEW_TABLE}
        AttributeDefinitions:
          -
            AttributeName: id
            AttributeType: S
        KeySchema:
          -
            AttributeName: id
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
        StreamSpecification:
          StreamViewType: NEW_AND_OLD_IMAGES

    OrdersDynamoDb:
          Type: AWS::DynamoDB::Table
          DeletionPolicy: Retain
          Properties:
            AttributeDefinitions:
              - AttributeName: id
                AttributeType: S
            KeySchema:
              - AttributeName: id
                KeyType: HASH
            ProvisionedThroughput:
              ReadCapacityUnits: 1
              WriteCapacityUnits: 1
            StreamSpecification:
              StreamViewType: NEW_AND_OLD_IMAGES
            TableName: ${self:provider.environment.ORDER_TABLE}
plugins:
  - serverless-plugin-typescript
  - serverless-dynamodb-local
  - serverless-s3-local
  - serverless-offline
  - serverless-s3-sync

zaikin-andrew commented on July 28, 2024

Anytime when I sync files they have encryption pic

@k1LoW It means I can't use it via CLI or Lambda or browser.

k1LoW commented on July 28, 2024

It seems serverless-s3-sync manages ${self:provider.environment.BUCKET}

    TemplatesBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:provider.environment.BUCKET}

deploy user

The IAM user that executes sls deploy ( deploy user ) can access ${self:provider.environment.BUCKET}, because the deploy user will have AdminAccess.

lambda user

But it seems the Lambda IAM user ( lambda user ) cannot access ${self:provider.environment.BUCKET}, because the lambda user has a condition.

      Condition:
        StringEquals:
          s3:x-amz-acl:
          - public-read-write

from serverless-s3-sync.
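
Why the condition in the comment above ends in Access Denied for the Lambda, as an added example (not code from the thread or from serverless-s3-sync): a simplified model of how IAM matches Allow statements, where a `StringEquals` test on a key the request does not carry fails. The function names, the sample requests and `scopedStatement` are assumptions; the bucket name is the posted `service` value plus `-templates`.

```javascript
// Simplified model of how IAM matches identity-policy Allow statements.
// Handles only Action, Resource ("*" wildcard) and StringEquals; no explicit Deny.
function globMatch(pattern, value) {
  const re = pattern.split("*")
    .map((s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&")).join(".*");
  return new RegExp(`^${re}$`).test(value);
}

function conditionsMatch(condition, context) {
  if (!condition) return true;
  return Object.entries(condition.StringEquals || {}).every(([key, allowed]) =>
    // A key missing from the request context never satisfies StringEquals.
    key in context && [].concat(allowed).includes(context[key]));
}

function isAllowed(statements, request) {
  return statements.some((s) =>
    s.Effect === "Allow" &&
    [].concat(s.Action).some((a) => globMatch(a, request.action)) &&
    [].concat(s.Resource).some((r) => globMatch(r, request.resource)) &&
    conditionsMatch(s.Condition, request.context));
}

// S3 statement from the serverless.yml in the thread (Fn::Join resolved).
const postedStatement = {
  Effect: "Allow",
  Action: ["s3:GetObject", "s3:PutObject", "s3:PutObjectAcl", "s3:ListBucket",
    "s3:DeleteObject", "s3:ListMultipartUploadParts", "s3:RestoreObject"],
  Condition: { StringEquals: { "s3:x-amz-acl": ["public-read-write"] } },
  Resource: "arn:aws:s3:::*",
};
// Assumed alternative: no ACL condition, scoped to the templates bucket's objects.
const scopedStatement = {
  Effect: "Allow",
  Action: ["s3:GetObject", "s3:PutObject"],
  Resource: "arn:aws:s3:::bmt-media-shop-service-refactor-templates/*",
};
// Constructed requests; the object keys and the second bucket are made up.
const obj = "arn:aws:s3:::bmt-media-shop-service-refactor-templates/invoice.html";
const requests = {
  get: { action: "s3:GetObject", resource: obj, context: {} },
  putPlain: { action: "s3:PutObject", resource: obj, context: {} },
  putPublicAcl: { action: "s3:PutObject", resource: obj,
    context: { "s3:x-amz-acl": "public-read-write" } },
  getOther: { action: "s3:GetObject", resource: "arn:aws:s3:::other-bucket/x", context: {} },
};
const evaluate = (statement) => Object.fromEntries(
  Object.entries(requests).map(([name, r]) => [name, isAllowed([statement], r)]));
console.log({ posted: evaluate(postedStatement), scoped: evaluate(scopedStatement) });
```

The posted statement matches only the request that carries `x-amz-acl: public-read-write`, so the Lambda's plain reads and writes fall through to the implicit deny; the scoped statement allows them while still refusing the other bucket.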

ChristianRich1 commented on July 28, 2024

Adding the correct bucket policy to the resources worked for me:

  Resources:
    StaticAssetsBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${sls:stage}.${self:service}.static-assets
        AccessControl: PublicRead
    PublicBucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket: !Ref StaticAssetsBucket
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - "s3:GetObject"
              Resource:
                - !Sub "${StaticAssetsBucket.Arn}/*"
              Principal: "*"
