cannot block all public access for the s3 bucket · serverless-nextjs/serverless-next.js#813

(1 评论) (0 反应) (0 负责人)TypeScript (3,998 star) (447 fork)batch import

buggood first issue

描述

I am using the serverless next component and I have this setup

nextJsUiApp:
  component: "@sls-next/serverless-component"
  inputs:
    bucketName: xxx
    bucketRegion: xxx
    domain: ["xxxx", "xxxxx.com"]
    nextConfigDir: "../../"
    cloudfront:
      # if you want to use an existing cloudfront distribution, provide it here
      distributionId: xxxxxx
      priceClass: "PriceClass_100"
      origins:
      - url: https://xxxx.s3.amazonaws.com
        private: true

setting the origin private flag to true doesn't seem to do anything to the bucket permissions or policy.

Can i block all public access through any of the config flags?

贡献者指南

技术栈: typescriptnextjsaws
领域: backendclouddevops
议题类型: bug
难度: 3
预计时间: half day
活动状态: stale
清晰度: needs investigation
前置要求: Basic AWS S3 bucket policy knowledgeUnderstanding of serverless next.js configuration
新手友好度: 30
研究方向: The issue reports that the 'private' flag in the CloudFront origin configuration does not actually block public access to the S3 bucket. Investigate the serverless next.js component source code, likely in the '@sls next/serverless component' package, to see how the bucket policy is set. Check if there is any logic that sets a bucket policy to restrict public access when 'private: true' is specified. Also look for any related issues or pull requests that might have addressed this. The goal is to determine whether this is a missing feature or a bug in the existing implementation.