Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upDo not add ` "x-amz-acl": "public-read"` to the header when uploading artefacts to S3 bucket #1822
Comments
This comment has been minimized.
This comment has been minimized.
Cannot agree because for most users it is what we should do. Because we cannot complicate documentation and ask to do some additional steps. |
develar
added
feature
deployment
labels
Jul 12, 2017
This comment has been minimized.
This comment has been minimized.
romanrev
commented
Jul 12, 2017
|
well, please at least make an option to disable that behaviour, thank you |
This comment has been minimized.
This comment has been minimized.
|
19.16.0 — you can set acl to null to disable adding. Will be released today. |
develar
closed this
in
203c8c4
Jul 12, 2017
This comment has been minimized.
This comment has been minimized.
|
@romanrev Released. Please check. |
This comment has been minimized.
This comment has been minimized.
romanrev
commented
Jul 12, 2017
|
thanks, much appreciated for your speedy resolution of the issue! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
romanrev commentedJul 12, 2017
We have to allow the
s3:PutObjectAclin the IAM policy for theelectron-builderto be able to successfully upload the artefacts to the S3 bucket, since it always adds a header"x-amz-acl": "public-read"with each upload request - trying to mark every object it uploads to the bucket as publicly readable.I suggest that this behaviour should be optional - and not the default one, since one can also achieve the same effect with appropriately crafted S3 bucket policy - which we actually prefer to.
Another use case is when an S3 bucket with the built artefacts should not be publicly accessible at all.