# File uploads

## S3 Buckets

Files uploaded by users are stored in [S3 Buckets](https://s3.console.aws.amazon.com/s3/buckets?region=eu-west-2).
These buckets are not publicly accessible.

There are buckets for each environment:

- myvbv-dev.iterativ.ch
- myvbv-stage.iterativ.ch
- myvbv-prod.iterativ.ch

Add the following CORS configuration under bucket -> permissions:

```
[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "POST",
            "GET"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": []
    }
]
```

## IAM Users

An IAM user is required to access the buckets. These users are created in
the [IAM Console](https://console.aws.amazon.com/iam/home?region=eu-west-2#/users).
Each user needs the following permissions:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::<bucket-name>",
                "arn:aws:s3:::<bucket-name>/*"
            ]
        }
    ]
}
```
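
The policy above grants `s3:*` on the bucket, which covers bucket administration as well as object access, and the CORS rule accepts any origin. The check below is an added example, not part of this project's code: a simplified Allow-only policy evaluator that compares the policy from this page with a narrower `SCOPED_POLICY`, which rests on the assumption that the application only lists, reads, writes and deletes objects.

```python
from fnmatch import fnmatchcase

BUCKET = "myvbv-dev.iterativ.ch"  # dev bucket named on this page

# IAM policy as shown on this page, with <bucket-name> filled in.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": ["arn:aws:s3:::*"]},
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]}

# Assumption (not from the page): the app only lists, reads, writes and deletes objects.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": f"arn:aws:s3:::{BUCKET}"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

# CORS rule as shown on this page.
PAGE_CORS = [{"AllowedHeaders": ["*"], "AllowedMethods": ["POST", "GET"],
              "AllowedOrigins": ["*"], "ExposeHeaders": []}]

# Bucket administration actions that object upload and download do not require.
ADMIN_ACTIONS = ["s3:PutBucketPolicy", "s3:PutBucketAcl", "s3:PutBucketCORS", "s3:DeleteBucket"]

def as_list(value):  # policy fields may hold a single string or a list
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """True if an Allow statement matches. Simplified: ignores Deny, NotAction, Condition."""
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(fnmatchcase(action.lower(), a.lower()) for a in as_list(stmt["Action"]))
        resource_ok = any(fnmatchcase(resource, r) for r in as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

def excess_admin_actions(policy, bucket=BUCKET):
    """Bucket administration actions the policy grants on the bucket itself."""
    return [a for a in ADMIN_ACTIONS if allows(policy, a, f"arn:aws:s3:::{bucket}")]

def wildcard_origin_rules(cors_rules):
    """Indexes of CORS rules whose AllowedOrigins accepts every origin."""
    return [i for i, rule in enumerate(cors_rules) if "*" in rule.get("AllowedOrigins", [])]

if __name__ == "__main__":
    print("page policy grants:", excess_admin_actions(PAGE_POLICY))
    print("scoped policy grants:", excess_admin_actions(SCOPED_POLICY))
    print("CORS rules open to any origin:", wildcard_origin_rules(PAGE_CORS))
```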