Private/Public S3 Add-ons

Prerequisites

None

Overview

Enabling the Private/Public S3 add-ons will create an S3 bucket and give the app full read/write permissions to it via its task role. As you'd expect, a public bucket has files that are publicly accessible on the internet while the private bucket only allows authenticated access. Private files may still be served to end-users by generating presigned URLs within your application.

In the case of Review Apps, a single S3 bucket will be set up for the Pipeline and shared among all Review Apps. Each Review App will be given access to a unique prefix within the bucket.

Warning

Public S3 buckets violate control S3.2 of Amazon's Foundational Security Best Practices. In some scenarios, this is not a problem, but be sure you understand the potential risk before enabling them.

Destroying the application will destroy the bucket(s) and all files in them.

Config Variables

Public S3 Add-on

  • PUBLIC_S3_BUCKET the name of the bucket created for the app
  • PUBLIC_S3_PREFIX Review Apps only. The name of the S3 object prefix accessible to the application

Private S3 Add-on

  • PRIVATE_S3_BUCKET the name of the bucket created for the app
  • PRIVATE_S3_PREFIX Review Apps only. The name of the S3 object prefix accessible to the application
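
The presigned-URL flow mentioned in the Overview, driven by the Private S3 config variables, as an added example that is not part of the original documentation or the platform's own code. It assumes Python with boto3, credentials supplied by the task role, and that PRIVATE_S3_PREFIX may or may not end in a slash; the function names and the one-hour cap are illustrative choices.

```python
import os

MAX_EXPIRY_SECONDS = 3600  # illustrative policy choice, not a platform limit


def object_key(name, prefix=None):
    """Build the S3 key for `name`, placing it under the Review App prefix if one is set."""
    if prefix is None:
        # Only set for Review Apps; absent or empty for regular apps.
        prefix = os.environ.get("PRIVATE_S3_PREFIX", "")
    name = name.lstrip("/")
    if not name:
        raise ValueError("empty object name")
    if not prefix:
        return name
    # Assumption: the prefix may or may not end in "/". Joining with exactly
    # one "/" keeps the key under the prefix either way, so the task role's
    # prefix-scoped permissions still match.
    return prefix.rstrip("/") + "/" + name


def presign_download(name, expires_in=300, client=None, bucket=None, prefix=None):
    """Return a short-lived GET URL for a private object.

    The URL is signed with the task role's temporary credentials, so it stops
    working when those credentials expire even if `expires_in` is longer.
    """
    if not 1 <= expires_in <= MAX_EXPIRY_SECONDS:
        raise ValueError("expires_in must be between 1 and %d seconds" % MAX_EXPIRY_SECONDS)
    if client is None:
        import boto3  # imported lazily so the key logic is usable without it
        client = boto3.client("s3")
    bucket = bucket or os.environ["PRIVATE_S3_BUCKET"]
    return client.generate_presigned_url(
        "get_object",
        Params={"Bucket": bucket, "Key": object_key(name, prefix)},
        ExpiresIn=expires_in,
    )
```

Anyone holding the URL can fetch the object until it expires, so generate it per request after your own authorization check rather than storing it.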