Created
August 11, 2021 17:58
-
-
Save HanClinto/55ec3940d4fbe850714247e97aa26ebd to your computer and use it in GitHub Desktop.
Prompt to GPT-J 6b
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Title: 403 Forbidden For only SOME folders/objects | |
| Question: | |
| I'm making a craft site and most of my images work fine, but some images in some of my s3 folders are returning 403 forbidden errors. | |
| Here is my policy | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "VisualEditor0", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "s3:ListStorageLensConfigurations", | |
| "s3:ListAccessPointsForObjectLambda", | |
| "s3:GetAccessPoint", | |
| "s3:PutAccountPublicAccessBlock", | |
| "s3:GetAccountPublicAccessBlock", | |
| "s3:ListAllMyBuckets", | |
| "s3:ListAccessPoints", | |
| "s3:ListJobs", | |
| "s3:PutStorageLensConfiguration", | |
| "s3:CreateJob" | |
| ], | |
| "Resource": "*" | |
| }, | |
| { | |
| "Sid": "VisualEditor1", | |
| "Effect": "Allow", | |
| "Action": "s3:*", | |
| "Resource": [ | |
| "arn:aws:s3:::extendednotesimages", | |
| "arn:aws:s3:::extendednotesimages/*" | |
| ] | |
| } | |
| ] | |
| } | |
| amazon-web-services | |
| amazon-s3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| A: | |
| I can't tell you where the problem lies, but you should: | |
| make sure you have S3-specific permissions in place for the role you are using for your S3 work, that is, (a) access and (b) full control | |
| make sure you have S3-specific policies attached to the S3 resources in question, that is, (a) access and (b) full control | |
| make sure you are using the correct role | |
| make sure that the resource exists | |
| make sure you have the right policy | |
| As a rule of thumb, you don't ever want to use * as a resource. There are exceptions, but you should be careful. That is almost never a good idea. | |
That is great! I wonder how many answers would be solved if SO displayed this first run analysis for people posting.
Also, it seems like a relatively easy thing to spot check. You can feed in a bunch of answered SO questions and see how much they line up with the suggested answers.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I don't know enough about S3 buckets and permissions to know if this is good advice or not, but I thought it was really impressive how it commented on the way that the OP had
"Resource": "*"and said "As a rule of thumb, you don't ever want to use * as a resource." -- I searched Google for that exact phrase, and its index came up blank.I'm impressed.