Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a ACL option to set access permission in S3 bucket #614

Open
PhucNguyen0311 opened this issue Jun 5, 2024 · 0 comments
Open

Add a ACL option to set access permission in S3 bucket #614

PhucNguyen0311 opened this issue Jun 5, 2024 · 0 comments

Comments

@PhucNguyen0311
Copy link
Contributor

There was an issue when we used CloudFront in one account to access S3 in another account. For example, my application and CloudFront are stored in A account but my S3 bucket is configured in B account. Then, I checked the log of scheduled tasks and I can see this issue:

php admin/cli/scheduled_task.php --execute='\tool_objectfs\task\push_objects_to_storage'
Execute scheduled task: Object file system upload task (tool_objectfs\task\push_objects_to_storage)
... started 12:42:52. Current memory use 2.9 MB.
copy_object_from_local_to_external. Total time taken: 0.16533708572388 seconds. Location change summary:
local -> local. Objects moved: 4. Total size: 4.6 MB.
... used 13 dbqueries
... used 0.66407299041748 seconds
Scheduled task complete: Object file system upload task (tool_objectfs\task\push_objects_to_storage)

It means we can't push objects from local to s3 (local->external). I tried to add a debug in upload_to_s3() function in https://github.com/catalyst/moodle-tool_objectfs/blob/MOODLE_310_STABLE/classes/local/store/s3/client.php line 458 and get this error:

Execute scheduled task: Object file system upload task (tool_objectfs\task\push_objects_to_storage)
... started 12:27:04. Current memory use 2.9 MB.
exception 'Aws\S3\Exception\S3Exception' with message 'Error executing "PutObject" on "https://s3bucketname.s3.region.amazonaws.com/path/to/objectkey"; AWS HTTP error: Client error: https://s3bucketname.s3.region.amazonaws.com/path/to/objectkey resulted in a 400 Bad Request response:

AccessControlListNotSupportedThe bucket does not all (truncated...)
AccessControlListNotSupported (client): The bucket does not allow ACLs -
AccessControlListNotSupportedThe bucket does not allow ACLsRequestIDHostID='

I recognized the $acl is set as private by default https://github.com/catalyst/moodle-local_aws/blob/master/sdk/Aws/S3/ObjectUploader.php line 54 but we don't have any way to input $acl from upload_to_s3() function in moodle-tool-objectfs plugin. I'm tested this and it doesn't matter if Moodle, CloudFront and S3 are stored in the same AWS account. So, I'm wondering if we can create an option for this in Moodle setting page with private by default.

PhucNguyen0311 pushed a commit to PhucNguyen0311/moodle-tool_objectfs that referenced this issue Jun 5, 2024
PhucNguyen0311 pushed a commit to PhucNguyen0311/moodle-tool_objectfs that referenced this issue Jun 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant