Using S3 for file storage
Enabling the Private/Public S3 add-ons during app creation will create an S3 bucket and give the app full read/write permissions to it. This is done via an IAM role and does not require static AWS access keys. As you'd expect, a public bucket has files that are publicly accessible on the internet while the private bucket only allows authenticated access. Private files may still be served to end-users by generating presigned URLs within your application.
In the case of Review Apps, a single S3 bucket will be setup for the Pipeline and shared among all Review Apps. Each Review App will be given access to a unique prefix within the bucket.
Public S3 buckets violate control S3.2 of Amazon's Foundational Security Best Practices. In some scenarios, this is not a problem, but be sure you understand the potential risk before enabling them.
Destroying the application will permanently destroy the bucket(s) and all files in them. Be sure to make a backup first!
The following config variables will be provided to your application:
Public S3 Add-on
PUBLIC_S3_BUCKET_NAMEthe name of the bucket created for the app
PUBLIC_S3_BUCKET_PREFIXReview Apps only. The name of the S3 object prefix accessible to the application
Private S3 Add-on
PRIVATE_S3_BUCKET_NAMEthe name of the bucket created for the app
PRIVATE_S3_BUCKET_PREFIXReview Apps only. The name of the S3 object prefix accessible to the application