cannot block all public access for the s3 bucket · serverless-nextjs/serverless-next.js#813

(1 留言) (0 反應) (0 負責人)TypeScript (3,998 star) (447 fork)batch import

buggood first issue

描述

I am using the serverless next component and I have this setup

nextJsUiApp:
  component: "@sls-next/serverless-component"
  inputs:
    bucketName: xxx
    bucketRegion: xxx
    domain: ["xxxx", "xxxxx.com"]
    nextConfigDir: "../../"
    cloudfront:
      # if you want to use an existing cloudfront distribution, provide it here
      distributionId: xxxxxx
      priceClass: "PriceClass_100"
      origins:
      - url: https://xxxx.s3.amazonaws.com
        private: true

setting the origin private flag to true doesn't seem to do anything to the bucket permissions or policy.

Can i block all public access through any of the config flags?

貢獻者指南

技術棧: typescriptnextjsaws
領域: backendclouddevops
議題類型: bug
難度: 3
預計時間: half day
活動狀態: stale
清晰度: needs investigation
前置要求: Basic AWS S3 bucket policy knowledgeUnderstanding of serverless next.js configuration
新手友善度: 30
研究方向: The issue reports that the 'private' flag in the CloudFront origin configuration does not actually block public access to the S3 bucket. Investigate the serverless next.js component source code, likely in the '@sls next/serverless component' package, to see how the bucket policy is set. Check if there is any logic that sets a bucket policy to restrict public access when 'private: true' is specified. Also look for any related issues or pull requests that might have addressed this. The goal is to determine whether this is a missing feature or a bug in the existing implementation.