This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-05-22
Channels
- # announcements (1)
- # aws (11)
- # babashka (10)
- # beginners (49)
- # calva (32)
- # cljsrn (3)
- # clojure (123)
- # clojure-australia (1)
- # clojure-dev (2)
- # clojure-europe (27)
- # clojure-spec (1)
- # clojurescript (22)
- # clojutre (1)
- # code-reviews (1)
- # conjure (3)
- # editors (32)
- # emacs (3)
- # graalvm (12)
- # kaocha (1)
- # lsp (1)
- # malli (2)
- # off-topic (1)
- # schema (2)
- # shadow-cljs (32)
- # spacemacs (6)
- # tools-deps (4)
Is there is an idiot proof end-to-end guide to setting up an S3 bucket and accessing it with Clojure? I've set up the bucket, set up an IAM policy / user to access it, but am not having any luck.
IAM policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListObjectsInBucket",
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::snip"
]
},
{
"Sid": "AllObjectActions",
"Effect": "Allow",
"Action": "s3:*Object",
"Resource": [
"arn:aws:s3:::snip/*"
]
}
]
}
Clojure code - this hangs on the list buckets op
(comment
(def config (edn/read-string (slurp "resources/.secrets.edn")))
(def s3 (aws/client {:api :s3
:credentials-provider (creds/default-credentials-provider (:s3 config))}))
(aws/validate-requests s3 true)
(aws/invoke s3 {:op :ListBuckets}))
The AWS docs are very sprawling, so I can't tell if it's the S3 side of things I'm messing up or the Clojure side (or both)
In particular I'm unclear on whether the IAM policy itself is sufficient, or whether I need to change the permissions on the Bucket itself also
Try aws cli https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3/ls.html Use it to test if policy setup is sufficient to do what you want. When you figure out policies you can reproduce aws cli commands in clojure
This is the policy we use for dev buckets and it works
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::dev-${aws:username}"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::dev-${aws:username}/*"
}
]
}