s3_asset_deploy 0.1.1 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/Gemfile.lock +1 -1
- data/README.md +60 -1
- data/lib/s3_asset_deploy/manager.rb +0 -1
- data/lib/s3_asset_deploy/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 667933eaaab1a7e7098ea6f16016823de5d259ff607e62821e0acca5e52bb409
|
4
|
+
data.tar.gz: c0a246c542c4ef322cf51deff4404f48561f02625a20f0076cdd1aa61dca02c9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3eba41f3fc0c5e3a6ecb8ae7ae01d25a6be79cf326c1b90292aa85c5cce95c3e6a33b467f92fc2444faebe32988cea014330813d89d7b9ec1c88a997f6dd5e71
|
7
|
+
data.tar.gz: 3d15113a4d22bf0ad0c6374bbe12f095bf9efda81cb82bb7fba9a8dfd8e2fada0a3d05937f1ba7f8cf0f632e4714b4011d0a0bd07fd0d057046194719821bde1
|
data/CHANGELOG.md
CHANGED
@@ -1,4 +1,8 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
+
## [v1.0.0](https://github.com/Loomly/s3_asset_deploy/compare/v0.1.1...v1.0.0) - 2021-05-13
|
4
|
+
### Breaking Changes
|
5
|
+
- Remove default `acl` setting when uploading assets to bucket - [PR #25](https://github.com/Loomly/s3_asset_deploy/pull/25)
|
6
|
+
|
3
7
|
## [v0.1.1](https://github.com/Loomly/s3_asset_deploy/compare/v0.1.0...v0.1.1) - 2021-03-22
|
4
8
|
- Fix bug in AssetHelper.remove_fingerprint referencing asset_path - [4f370ad](https://github.com/Loomly/s3_asset_deploy/commit/4f370ad9c0c1c274acb9b1d8585b878f47020277)
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -143,7 +143,7 @@ I, [2021-02-17T16:12:23.703677 #65335] INFO -- : S3AssetDeploy::Manager: Determ
|
|
143
143
|
```
|
144
144
|
|
145
145
|
## AWS IAM Permissions
|
146
|
-
`S3AsetDeploy` requires the following AWS IAM permissions:
|
146
|
+
`S3AsetDeploy` requires the following AWS IAM permissions to list, put, and delete objects in your S3 Bucket:
|
147
147
|
|
148
148
|
```json
|
149
149
|
"Statement": [
|
@@ -162,6 +162,65 @@ I, [2021-02-17T16:12:23.703677 #65335] INFO -- : S3AssetDeploy::Manager: Determ
|
|
162
162
|
]
|
163
163
|
```
|
164
164
|
|
165
|
+
## Configuration with Cloudfront
|
166
|
+
|
167
|
+
### Restricting Access with Origin Access Identity
|
168
|
+
If you want to setup Cloudfront to serve your assets, you can [restrict access to the bucket by using an Origin Access Identity](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#private-content-granting-permissions-to-oai) so that only Cloudfront can access the objects in your bucket.
|
169
|
+
|
170
|
+
If you do this, your bucket policy will look something like this:
|
171
|
+
|
172
|
+
```json
|
173
|
+
{
|
174
|
+
"Version": "2012-10-17",
|
175
|
+
"Statement": [
|
176
|
+
{
|
177
|
+
"Sid": "AllowGetObject",
|
178
|
+
"Effect": "Allow",
|
179
|
+
"Principal": {
|
180
|
+
"AWS": [
|
181
|
+
"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity #{YOUR_OAI_ID}"
|
182
|
+
]
|
183
|
+
},
|
184
|
+
"Action": "s3:GetObject",
|
185
|
+
"Resource": "arn:aws:s3:::#{YOUR_BUCKET}/*"
|
186
|
+
},
|
187
|
+
{
|
188
|
+
"Sid": "DenyGetObject",
|
189
|
+
"Effect": "Deny",
|
190
|
+
"Principal": {
|
191
|
+
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity #{YOUR_OAI_ID}"
|
192
|
+
},
|
193
|
+
"Action": "s3:GetObject",
|
194
|
+
"Resource": "arn:aws:s3:::#{YOUR_BUCKET}/s3-asset-deploy-removal-manifest.json"
|
195
|
+
}
|
196
|
+
]
|
197
|
+
}
|
198
|
+
```
|
199
|
+
|
200
|
+
This policy allows Cloudfront to access everything **except** the removal manifest uploaded and maintained by this gem since this manifest does not need to be served to clients.
|
201
|
+
|
202
|
+
### CORS
|
203
|
+
Your CORS configuration on the bucket might look something like this:
|
204
|
+
|
205
|
+
```json
|
206
|
+
[
|
207
|
+
{
|
208
|
+
"AllowedHeaders": [
|
209
|
+
"Authorization"
|
210
|
+
],
|
211
|
+
"AllowedMethods": [
|
212
|
+
"GET",
|
213
|
+
"HEAD"
|
214
|
+
],
|
215
|
+
"AllowedOrigins": [
|
216
|
+
"https://*.#{YOUR_SITE}.com"
|
217
|
+
],
|
218
|
+
"ExposeHeaders": [],
|
219
|
+
"MaxAgeSeconds": 3000
|
220
|
+
}
|
221
|
+
]
|
222
|
+
```
|
223
|
+
|
165
224
|
## Development
|
166
225
|
|
167
226
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `bundle exec rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: s3_asset_deploy
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 1.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Loomly
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-05-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-s3
|