From f9915efa5ea0714178fc60d11a0d5434e7b1e600 Mon Sep 17 00:00:00 2001
From: Doug Luce <doug@github.con.com>
Date: Tue, 15 Mar 2022 08:57:12 -0700
Subject: Make object storage ACL configurable

Override this value to allow uploads to non-public S3
buckets. Otherwise "AccessDenied: Access Denied" errors will end up in
the log.

Fixes #4850
---
 config/default.yaml            | 3 +++
 config/production.yaml.example | 3 +++
 2 files changed, 6 insertions(+)

(limited to 'config')

diff --git a/config/default.yaml b/config/default.yaml
index 42ce12c18..6db8d3803 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -138,6 +138,9 @@ object_storage:
 
   region: 'us-east-1'
 
+  # Set this ACL on each uploaded object
+  upload_acl: 'public-read'
+
   credentials:
     # You can also use AWS_ACCESS_KEY_ID env variable
     access_key_id: ''
diff --git a/config/production.yaml.example b/config/production.yaml.example
index bb1b4615b..e6e85da12 100644
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -134,6 +134,9 @@ object_storage:
 
   region: 'us-east-1'
 
+  # Set this ACL on each uploaded object
+  upload_acl: 'public'
+
   credentials:
     # You can also use AWS_ACCESS_KEY_ID env variable
     access_key_id: ''
-- 
cgit v1.2.3