mirror of https://github.com/NixOS/nix.git synced 2025-11-09 03:56:01 +01:00

Merge pull request #14338 from lovesegfault/s3-docs-listbucket

docs: add s3:ListBucket to S3 read permissions
Sergei Zimmerman 2025-10-23 08:43:01 +00:00 committed by GitHub
commit 36ee38efd1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -27,7 +27,8 @@ like the following to be accessible:
"Sid": "AllowDirectReads", "Sid": "AllowDirectReads",
"Action": [ "Action": [
"s3:GetObject", "s3:GetObject",
"s3:GetBucketLocation" "s3:GetBucketLocation",
"s3:ListBucket"
], ],
"Effect": "Allow", "Effect": "Allow",
"Resource": [ "Resource": [
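Review bot: `s3:ListBucket`, added to the `AllowDirectReads` action list, is a bucket-level action, so it only takes effect if the `Resource` array that follows includes the bucket ARN itself and not only the object ARNs. The array contents fall outside this hunk, so please confirm the bucket ARN is listed there. If this statement is the anonymous policy that the later section links back to, the docs should also say that granting `s3:ListBucket` lets any reader enumerate every key in the bucket, and state why Nix needs the permission, so operators can decide whether to accept that exposure.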
@ -51,7 +52,7 @@ Consult the documentation linked above for further details.
### Authenticated reads to your S3 binary cache ### Authenticated reads to your S3 binary cache
Your bucket will need a bucket policy allowing the desired users to perform the `s3:GetObject` and `s3:GetBucketLocation` action on all objects in the bucket. Your bucket will need a bucket policy allowing the desired users to perform the `s3:GetObject`, `s3:GetBucketLocation`, and `s3:ListBucket` actions on all objects in the bucket.
The [anonymous policy given above](#anonymous-reads-to-your-s3-compatible-binary-cache) can be updated to have a restricted `Principal` to support this. The [anonymous policy given above](#anonymous-reads-to-your-s3-compatible-binary-cache) can be updated to have a restricted `Principal` to support this.
### Authenticated writes to your S3-compatible binary cache ### Authenticated writes to your S3-compatible binary cache
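Review bot: the reworded sentence under "Authenticated reads to your S3 binary cache" still says all three actions apply "on all objects in the bucket", but `s3:GetBucketLocation` and `s3:ListBucket` act on the bucket rather than on objects. Suggest wording along the lines of "the `s3:GetObject` action on all objects in the bucket, and the `s3:GetBucketLocation` and `s3:ListBucket` actions on the bucket itself", so readers scope the `Resource` entries correctly when they restrict the `Principal`.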