AWS configuration

Mike Schwab edited this page Oct 23, 2018 · 2 revisions

Commissulator uses S3 to store some images of paperwork and some cookies.

IAM identities are used to provide credentials for AWS. Contributors can request credentials that will give them access to a bucket, or they can use any other Amazon account. Credentials are distributed in encrypted form with the rails-env-credentials gem.

The process for creating an IAM identity that can only access a single bucket was a bit needlessly complex; maybe I should try to describe it here. I created a Policy that has full S3 permissions but only for one resource. It's called a boundary and it resulted in saving a policy with a made-up name that I can attach to a group or a user.
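
A sketch of what a policy with full S3 permissions on a single bucket looks like, plus a check that flags any `Resource` reaching beyond that bucket. This is an added example, not the policy or code used by Commissulator; the bucket name `example-paperwork-bucket` and both function names are placeholders chosen here.

```python
import json

def single_bucket_policy(bucket):
    """Identity policy: every S3 action, but only on one bucket and its objects."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "FullAccessToOneBucket",
            "Effect": "Allow",
            "Action": "s3:*",
            # Bucket-level actions (e.g. ListBucket) match the bucket ARN;
            # object-level actions (GetObject, PutObject) match bucket/*.
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }

def out_of_scope_resources(policy, bucket):
    """Return Resource entries of Allow statements that reach beyond `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_prefix = bucket_arn + "/"   # trailing slash rejects "bucket*" look-alikes
    statements = policy["Statement"]
    if isinstance(statements, dict):   # IAM accepts a single statement object
        statements = [statements]
    stray = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "Resource" not in stmt:     # e.g. NotResource: treat as too broad
            stray.append("<no Resource element>")
            continue
        resources = stmt["Resource"]
        if isinstance(resources, str):
            resources = [resources]
        for arn in resources:
            if arn != bucket_arn and not arn.startswith(object_prefix):
                stray.append(arn)
    return stray

if __name__ == "__main__":
    bucket = "example-paperwork-bucket"   # placeholder bucket name
    policy = single_bucket_policy(bucket)
    print(json.dumps(policy, indent=2))   # paste into the IAM policy JSON editor
    print("out of scope:", out_of_scope_resources(policy, bucket))
```

Listing both the bucket ARN and the `/*` object ARN matters: with only one of them, either listing the bucket or reading and writing objects is denied.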