When setting up a Mastodon instance I had a very hard time working out the required S3 permissions.
Wasted a day on it. None of the tutorials or even the official documentation gave me this information.
In the end I gave up and just gave it blanket access to all permissions for the Mastodon bucket (S3Administrator).
But this didn't sit well with me - I don't like granting unnecessary permissions, especially not when S3 has about 100 of them.
If the server were to become compromised or the keys were to otherwise fall into the wrong hands, I'd want a potentially malicious actor to have as limited permissions as possible.
Anyway, I finally worked out the permissions required for Mastodon to function with an S3 bucket as its media storage.
See below for the IAM policy.
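#!/bin/sh
# Install git and bc
apt-get -y install git bc
# Fetch the Let's Encrypt client into /opt/letsencrypt
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
# Create the configuration directory (-p: no error if it already exists)
mkdir -p /etc/letsencrypt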