More detailed instructions for configuring AWS CLI #2305
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We need to tell people that they need to be using an IAM user. We also need to tell them explicitly to enable "S3 full access": if your user doesn't have an IAM user policy that says they can access S3, then that user cannot access S3 resources in other AWS accounts, regardless of those resources' policies. (This is weird and surprising, because you can access S3 resources in your own account in that case; it's also weird and surprising that the default IAM user is forbidden from doing things that anonymous users are allowed to do.)
|
The lack of documentation is really the only blocking issue for enabling AWS verification on PhysioNet, so I'd like to enable it once we make this change. |
|
This looks great, thanks Benjamin. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add more detailed instructions to the /settings/cloud/ page.
(Remember that the AWS stuff won't appear on that page unless you set
AWS_VERIFICATION_BUCKET_NAMEin.env.)It's important to tell people that they need to enable the
AmazonS3FullAccesspolicy. Perhaps that part is obvious to people who use AWS regularly, but to me it is extremely strange and unintuitive that if you create a user with the default settings:(Pull #2292 addresses another facet of the same issue.)