Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

filestore: document S3 parameters #956

Closed
wants to merge 1 commit into from
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 19 additions & 2 deletions src/collections/_documentation/server/filestore.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,24 @@ filestore.options:
```yaml
filestore.backend: 's3'
filestore.options:
access_key: '...'
secret_key: '...'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't quite understand why you removed those lines?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically because authentication is complicated and there’s a separate discussion point. I didn’t want it to look like that’s required parameter.

bucket_name: '...'
```

* Sentry uses the [boto3](https://pypi.org/project/boto3/) library to access S3. Boto supports a number of ways to [retrieve configuration information](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#guide-configuration) including EC2/ECS IAM roles (recommended), the environment, its own configuration files, and you may also specify specify `access_key` and `secret_key` values in your Sentry `filestore.options`:

```yaml
filestore.backend: 's3'
filestore.options:
bucket_name: '...'
access_key: '...'
secret_key: '...'
```

* By default, S3 objects are created with the `public-read` ACL which means that the account used must have the `PutObjectAcl` permission in addition to `PutObject`, along with `GetObject` and `DeleteObject`. If you don't want your uploaded files to be publically-accessible you can specify the default ACL using a value accepted by [boto's S3 `put_object` method](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3.html#S3.Client.put_object):

```yaml
filestore.backend: 's3'
filestore.options:
bucket_name: '...'
default_acl: 'private'
Copy link

@gtkesh gtkesh Jul 26, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR/issue saved the day! I spent hours debugging. It was a matter of default_acl: 'private'.

Thanks for creating this PR! :)

```