A tool for creating credentials for accessing S3 buckets
s3-credentials create ... --website --create-bucket
now creates an S3 bucket that is configured to act as a website, with index.html
an the index page and error.html
as the page used for any errors. #21
s3-credentials list-buckets --details
now returns the bucket region and the URL to the website, if it is configured to act as a website. #77
list-bucket
would return an error if the bucket (or specified --prefix
) was empty. #76
--policy
or --statement
options now implies --user-permissions-boundary=none
. Previously it was easy to use these options to accidentally create credentials that did not work as expected since they would have a default permissions boundary that locked them down to only being able to access S3. #74
s3-credentials.AmazonS3FullAccess
role created by this tool in order to issue temporary credentials previously used the default MaxSessionDuration
value of 3600, preventing it from creating credentials that could last more than an hour. This has been increased to 12 hours. See this issue comment for instructions on fixing your existing role if this bug is affecting your account. #75
--statement JSON
option for both the s3-credentials create
and s3-credentials policy
commands, allowing one or more additional policy statements (provided as JSON strings) to be added to the generated IAM policy. #72
set-cors-policy
and get-cors-policy
for altering the CORS policy for a bucket, documented here. #47
--help
. #67
--help
for every command.list-roles
command for listing roles configured for your AWS account. #61
See Weeknotes: s3-credentials prefix and Datasette 0.60 for extra background on these new features.
--prefix myprefix/
option to s3-credentials create
, which configures the credentials to only allow access to keys within the S3 bucket that start with the provided prefix. #12
s3-credentials policy --prefix myprefix/
command for generating and outputting a JSON policy that is restricted to the specified prefix. You can see examples in the README.list-bucket
command for listing the contents of a specified bucket. #28
list-users
, list-buckets
and list-bucket
command all default to outputting an indented JSON array - previously the outputted indented JSON objects separated by newlines. The --nl
option can be used to return newline-delimited single line JSON objects. The new --csv
and --tsv
options can be used to return CSV or TSV output. #48