# help
g
In my SST app, there is a “core bucket” which keeps configuration files, email templates and images. To prevent any manual operation after the first deploy, I decided to keep in my monorepo a folder called “assets”, which contains a “core-bucket” folder holding all the files I want to publish on S3. To keep this folder and the bucket in sync, I tried to use the S3Deployment CDK construct:
```typescript
new s3deploy.BucketDeployment(this, 'core-bucket-deployment', {
  sources: [s3deploy.Source.asset('./backend/assets/core-bucket')],
  destinationBucket: this.core_bucket.s3Bucket,
});
```
It works nicely, but I have a problem with permissions: I want some of these files (for example app-logo.png) to have public permission, but I can’t find a way to set permissions on a file. Probably S3Deployment is not the right way to solve my need. Do you know of a solution? Actually I think the only solution is to use aws-sdk after the CDK bucket creation to manually set permissions on the files loaded with S3Deployment, or to upload those files directly through the SDK.
r
It feels to me like having a single bucket that can have public and private objects is the wrong approach. Personally I’d prefer to split the buckets into public and private and set the access rights at the bucket level. Much less chance of accidentally leaking something private, or blocking something public, that way.
g
Hi Ross, I think you are right; maybe the best solution is to split into two buckets and use S3Deployment for both. In this scenario S3Deployment should be enough because public permissions are set on the bucket. It’s a much simpler solution.
f
Yeah that’s a cleaner solution.
Just wanted to leave a note here for others that might want to fine-tune object ACL permissions: you could use two `s3deploy.BucketDeployment` constructs uploading to the same bucket with different `accessControl` settings.