s3_asset_deploy 0.1.1 → 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/Gemfile.lock +1 -1
  4. data/README.md +60 -1
  5. data/lib/s3_asset_deploy/manager.rb +0 -1
  6. data/lib/s3_asset_deploy/version.rb +1 -1
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5d1f14b5addc89b2dcb33d380636458e467a74397d3733032035d33906b5e78b
4
- data.tar.gz: 829e2b62c558ea4692fd4447cef95f8e901d309849065c321654de8fbdc959a7
3
+ metadata.gz: 667933eaaab1a7e7098ea6f16016823de5d259ff607e62821e0acca5e52bb409
4
+ data.tar.gz: c0a246c542c4ef322cf51deff4404f48561f02625a20f0076cdd1aa61dca02c9
5
5
  SHA512:
6
- metadata.gz: c469bd3c5b39c0547ab3d455a601a3a36bf3e27f2b100739781aa11dbdff3355948c3157d0636c750c4f654364625448dce420b96ea4bde045efc339217ebec4
7
- data.tar.gz: dd0b2291255821f71790a0b78ded052e00ec53fb7e42f5d680fadb758ef6ecd0efa1fda534a1102a3749e65dd0e38d114eba3dd2eca9b46b819a6a4966b1d4b1
6
+ metadata.gz: 3eba41f3fc0c5e3a6ecb8ae7ae01d25a6be79cf326c1b90292aa85c5cce95c3e6a33b467f92fc2444faebe32988cea014330813d89d7b9ec1c88a997f6dd5e71
7
+ data.tar.gz: 3d15113a4d22bf0ad0c6374bbe12f095bf9efda81cb82bb7fba9a8dfd8e2fada0a3d05937f1ba7f8cf0f632e4714b4011d0a0bd07fd0d057046194719821bde1
data/CHANGELOG.md CHANGED
@@ -1,4 +1,8 @@
1
1
  # Changelog
2
2
 
3
+ ## [v1.0.0](https://github.com/Loomly/s3_asset_deploy/compare/v0.1.1...v1.0.0) - 2021-05-13
4
+ ### Breaking Changes
5
+ - Remove default `acl` setting when uploading assets to bucket - [PR #25](https://github.com/Loomly/s3_asset_deploy/pull/25)
6
+
3
7
  ## [v0.1.1](https://github.com/Loomly/s3_asset_deploy/compare/v0.1.0...v0.1.1) - 2021-03-22
4
8
  - Fix bug in AssetHelper.remove_fingerprint referencing asset_path - [4f370ad](https://github.com/Loomly/s3_asset_deploy/commit/4f370ad9c0c1c274acb9b1d8585b878f47020277)
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- s3_asset_deploy (0.1.1)
4
+ s3_asset_deploy (1.0.0)
5
5
  aws-sdk-s3 (~> 1.0)
6
6
  mime-types (~> 3.0)
7
7
 
data/README.md CHANGED
@@ -143,7 +143,7 @@ I, [2021-02-17T16:12:23.703677 #65335] INFO -- : S3AssetDeploy::Manager: Determ
143
143
  ```
144
144
 
145
145
  ## AWS IAM Permissions
146
- `S3AsetDeploy` requires the following AWS IAM permissions:
146
+ `S3AsetDeploy` requires the following AWS IAM permissions to list, put, and delete objects in your S3 Bucket:
147
147
 
148
148
  ```json
149
149
  "Statement": [
@@ -162,6 +162,65 @@ I, [2021-02-17T16:12:23.703677 #65335] INFO -- : S3AssetDeploy::Manager: Determ
162
162
  ]
163
163
  ```
164
164
 
165
+ ## Configuration with Cloudfront
166
+
167
+ ### Restricting Access with Origin Access Identity
168
+ If you want to setup Cloudfront to serve your assets, you can [restrict access to the bucket by using an Origin Access Identity](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#private-content-granting-permissions-to-oai) so that only Cloudfront can access the objects in your bucket.
169
+
170
+ If you do this, your bucket policy will look something like this:
171
+
172
+ ```json
173
+ {
174
+ "Version": "2012-10-17",
175
+ "Statement": [
176
+ {
177
+ "Sid": "AllowGetObject",
178
+ "Effect": "Allow",
179
+ "Principal": {
180
+ "AWS": [
181
+ "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity #{YOUR_OAI_ID}"
182
+ ]
183
+ },
184
+ "Action": "s3:GetObject",
185
+ "Resource": "arn:aws:s3:::#{YOUR_BUCKET}/*"
186
+ },
187
+ {
188
+ "Sid": "DenyGetObject",
189
+ "Effect": "Deny",
190
+ "Principal": {
191
+ "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity #{YOUR_OAI_ID}"
192
+ },
193
+ "Action": "s3:GetObject",
194
+ "Resource": "arn:aws:s3:::#{YOUR_BUCKET}/s3-asset-deploy-removal-manifest.json"
195
+ }
196
+ ]
197
+ }
198
+ ```
199
+
200
+ This policy allows Cloudfront to access everything **except** the removal manifest uploaded and maintained by this gem since this manifest does not need to be served to clients.
201
+
202
+ ### CORS
203
+ Your CORS configuration on the bucket might look something like this:
204
+
205
+ ```json
206
+ [
207
+ {
208
+ "AllowedHeaders": [
209
+ "Authorization"
210
+ ],
211
+ "AllowedMethods": [
212
+ "GET",
213
+ "HEAD"
214
+ ],
215
+ "AllowedOrigins": [
216
+ "https://*.#{YOUR_SITE}.com"
217
+ ],
218
+ "ExposeHeaders": [],
219
+ "MaxAgeSeconds": 3000
220
+ }
221
+ ]
222
+ ```
223
+
165
224
  ## Development
166
225
 
167
226
  After checking out the repo, run `bin/setup` to install dependencies. Then, run `bundle exec rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
data/lib/s3_asset_deploy/manager.rb CHANGED
@@ -168,7 +168,6 @@ class S3AssetDeploy::Manager
168
168
  bucket: bucket_name,
169
169
  key: asset.path,
170
170
  body: file_handle,
171
- acl: "public-read",
172
171
  content_type: asset.mime_type,
173
172
  cache_control: "public, max-age=31536000"
174
173
  }.merge(@upload_options)
data/lib/s3_asset_deploy/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module S3AssetDeploy
4
- VERSION = "0.1.1"
4
+ VERSION = "1.0.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: s3_asset_deploy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Loomly
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-03-22 00:00:00.000000000 Z
11
+ date: 2021-05-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-s3