
How to make the artifacts uploaded to S3 as part of an AWS CodeBuild build public by default?

I'm experimenting with build automation. At present the build is successful; however, the artifact created isn't public, and hence I can't share the link (as part of a mail). By default, the server-side encryption is set to "Using AWS KMS master key: aws/s3 (default)". When I tried removing the encryption key from the advanced settings section of the AWS CodeBuild config, it gave an error. I'm planning to run an AWS Lambda function that will send a mail with a link to the artifact at the end of the build as part of the AWS CodePipeline.

Edit: I tried adding the following as the permission but it didn't help:

{
  "Version":"2012-10-17",
  "Statement":[
   {
    "Sid":"AddPerm",
    "Effect":"Allow",
    "Principal": "*",
    "Action":["s3:GetObject"],
    "Resource":["arn:aws:s3:::examplebucket/*"]
   }
  ]
}

as mentioned here

From S3 if I manually go and select none as the encryption, the link does become downloadable. However I need a programmatic way to do this as I'm trying to automate the entire process as part of the build automation. So far I'm not able to achieve this via boto3 too.

Thanks in advance!

ranjjose
  • Perhaps you could use AWS Lambda, triggered when your build artifact is uploaded to a specific S3 bucket - the Lambda would use the S3 API to modify the S3 object permissions. Or you could configure AWS CodeBuild to send a build notification via SNS and respond to that notification by modifying the build artifact permissions. – jarmod May 26 '17 at 16:04
  • Thanks! I shall try that. – ranjjose May 26 '17 at 17:21
  • You could also investigate applying an S3 bucket policy that makes all content in the bucket publicly readable but I don't know if that's acceptable to you depending on other content in the bucket (example at http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html). – jarmod May 26 '17 at 20:12
  • Thanks! I tried adding required policy from the link mentioned, however, I see the same error when I tried to download from the link. If I manually unselect encryption, it works. The problem is that I'm not able to do that from boto3 and hence cannot automate the process. – ranjjose May 27 '17 at 15:57
  • Updated the question with more information. Hope it helps! – ranjjose May 27 '17 at 16:32

1 Answer

OK! I got a reply in aws developer forum as follows:

Thank you for this feature request, I have passed it to the team for further review. Your feedback is very much appreciated.

Which means the feature is probably not present now.

This is the link to the AWS dev forum. Anyways, there's a workaround for the time being. You can see that too in the same link or here with more details.

ranjjose
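An added example, not code from the question, the answer, or the linked workaround: a sketch of the upload-triggered Lambda suggested in the comments, which re-encrypts a new artifact from SSE-KMS to SSE-S3 so that the bucket policy alone decides who can read it (anonymous requests cannot use a KMS key, which is why the policy by itself had no effect). The `builds/` prefix, the sample event, and the function names are assumptions made for illustration.

```python
import urllib.parse

ARTIFACT_PREFIX = "builds/"  # assumed key prefix under which CodeBuild writes artifacts

# Constructed sample S3 notification (object keys arrive URL-encoded, spaces as '+').
SAMPLE_EVENT = {"Records": [{"s3": {"bucket": {"name": "examplebucket"},
                                    "object": {"key": "builds/my+app%2Bv1.zip"}}}]}


def reencrypt_artifact(s3, bucket, key):
    """Rewrite one object in place with SSE-S3 if it is currently SSE-KMS.

    Returns True if the object was rewritten, False if it was left untouched.
    """
    if not key.startswith(ARTIFACT_PREFIX):
        return False  # never touch objects outside the artifact prefix
    head = s3.head_object(Bucket=bucket, Key=key)
    if head.get("ServerSideEncryption") != "aws:kms":
        # Already readable without KMS. This check also ends the loop: the copy
        # below emits its own ObjectCreated event, which lands here and stops.
        return False
    s3.copy_object(  # single-request copies are limited to objects up to 5 GB
        Bucket=bucket,
        Key=key,
        CopySource={"Bucket": bucket, "Key": key},
        ServerSideEncryption="AES256",  # SSE-S3 in place of the aws/s3 KMS key
        MetadataDirective="COPY",
    )
    return True


def handle_event(s3, event):
    """Process every record of an S3 notification; return the keys rewritten."""
    changed = []
    for record in event.get("Records", []):
        bucket = record["s3"]["bucket"]["name"]
        key = urllib.parse.unquote_plus(record["s3"]["object"]["key"])
        if reencrypt_artifact(s3, bucket, key):
            changed.append(key)
    return changed


def lambda_handler(event, context):
    import boto3  # imported here so the helpers above can be exercised offline
    return {"reencrypted": handle_event(boto3.client("s3"), event)}
```

Narrowing the `Resource` in the question's bucket policy to the same prefix (for example `arn:aws:s3:::examplebucket/builds/*`) keeps the rest of the bucket private, which addresses the concern raised in the comments about other content in the bucket.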