RubyGems - s3_asset_deploy - Versions diffs - 0.1.1 → 1.0.0 - Mend

s3_asset_deploy 0.1.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/Gemfile.lock +1 -1
data/README.md +60 -1
data/lib/s3_asset_deploy/manager.rb +0 -1
data/lib/s3_asset_deploy/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5d1f14b5addc89b2dcb33d380636458e467a74397d3733032035d33906b5e78b
-  data.tar.gz: 829e2b62c558ea4692fd4447cef95f8e901d309849065c321654de8fbdc959a7
+  metadata.gz: 667933eaaab1a7e7098ea6f16016823de5d259ff607e62821e0acca5e52bb409
+  data.tar.gz: c0a246c542c4ef322cf51deff4404f48561f02625a20f0076cdd1aa61dca02c9
 SHA512:
-  metadata.gz: c469bd3c5b39c0547ab3d455a601a3a36bf3e27f2b100739781aa11dbdff3355948c3157d0636c750c4f654364625448dce420b96ea4bde045efc339217ebec4
-  data.tar.gz: dd0b2291255821f71790a0b78ded052e00ec53fb7e42f5d680fadb758ef6ecd0efa1fda534a1102a3749e65dd0e38d114eba3dd2eca9b46b819a6a4966b1d4b1
+  metadata.gz: 3eba41f3fc0c5e3a6ecb8ae7ae01d25a6be79cf326c1b90292aa85c5cce95c3e6a33b467f92fc2444faebe32988cea014330813d89d7b9ec1c88a997f6dd5e71
+  data.tar.gz: 3d15113a4d22bf0ad0c6374bbe12f095bf9efda81cb82bb7fba9a8dfd8e2fada0a3d05937f1ba7f8cf0f632e4714b4011d0a0bd07fd0d057046194719821bde1

data/CHANGELOG.md CHANGED Viewed

@@ -1,4 +1,8 @@
 # Changelog
+## [v1.0.0](https://github.com/Loomly/s3_asset_deploy/compare/v0.1.1...v1.0.0) - 2021-05-13
+### Breaking Changes
+- Remove default `acl` setting when uploading assets to bucket - [PR #25](https://github.com/Loomly/s3_asset_deploy/pull/25)
 ## [v0.1.1](https://github.com/Loomly/s3_asset_deploy/compare/v0.1.0...v0.1.1) - 2021-03-22
 - Fix bug in AssetHelper.remove_fingerprint referencing asset_path - [4f370ad](https://github.com/Loomly/s3_asset_deploy/commit/4f370ad9c0c1c274acb9b1d8585b878f47020277)

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    s3_asset_deploy (0.1.1)
+    s3_asset_deploy (1.0.0)
       aws-sdk-s3 (~> 1.0)
       mime-types (~> 3.0)

data/README.md CHANGED Viewed

@@ -143,7 +143,7 @@ I, [2021-02-17T16:12:23.703677 #65335]  INFO -- : S3AssetDeploy::Manager: Determ
 ```
 ## AWS IAM Permissions
-`S3AsetDeploy` requires the following AWS IAM permissions:
+`S3AsetDeploy` requires the following AWS IAM permissions to list, put, and delete objects in your S3 Bucket:
 ```json
 "Statement": [
@@ -162,6 +162,65 @@ I, [2021-02-17T16:12:23.703677 #65335]  INFO -- : S3AssetDeploy::Manager: Determ
 ]
 ```
+## Configuration with Cloudfront
+### Restricting Access with Origin Access Identity
+If you want to setup Cloudfront to serve your assets, you can [restrict access to the bucket by using an Origin Access Identity](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#private-content-granting-permissions-to-oai) so that only Cloudfront can access the objects in your bucket.
+If you do this, your bucket policy will look something like this:
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "AllowGetObject",
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": [
+                  "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity #{YOUR_OAI_ID}"
+                ]
+            },
+            "Action": "s3:GetObject",
+            "Resource": "arn:aws:s3:::#{YOUR_BUCKET}/*"
+        },
+        {
+            "Sid": "DenyGetObject",
+            "Effect": "Deny",
+            "Principal": {
+                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity #{YOUR_OAI_ID}"
+            },
+            "Action": "s3:GetObject",
+            "Resource": "arn:aws:s3:::#{YOUR_BUCKET}/s3-asset-deploy-removal-manifest.json"
+        }
+    ]
+}
+```
+This policy allows Cloudfront to access everything **except** the removal manifest uploaded and maintained by this gem since this manifest does not need to be served to clients.
+### CORS
+Your CORS configuration on the bucket might look something like this:
+```json
+[
+    {
+        "AllowedHeaders": [
+            "Authorization"
+        ],
+        "AllowedMethods": [
+            "GET",
+            "HEAD"
+        ],
+        "AllowedOrigins": [
+            "https://*.#{YOUR_SITE}.com"
+        ],
+        "ExposeHeaders": [],
+        "MaxAgeSeconds": 3000
+    }
+]
+```
 ## Development
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `bundle exec rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/lib/s3_asset_deploy/manager.rb CHANGED Viewed

@@ -168,7 +168,6 @@ class S3AssetDeploy::Manager
       bucket: bucket_name,
       key: asset.path,
       body: file_handle,
-      acl: "public-read",
       content_type: asset.mime_type,
       cache_control: "public, max-age=31536000"
     }.merge(@upload_options)

data/lib/s3_asset_deploy/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module S3AssetDeploy
-  VERSION = "0.1.1"
+  VERSION = "1.0.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: s3_asset_deploy
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 1.0.0
 platform: ruby
 authors:
 - Loomly
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-22 00:00:00.000000000 Z
+date: 2021-05-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-s3