novaburst/funquail
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Parameterize S3 default ACL when uploading objects.

Browse source
This commit is contained in:
Stuart Begley-Miller 2022-05-07 06:54:04 +00:00 committed by Georg Krause
commit 40db52a91e
3 changed files with 22 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

14
api/config/settings/common.py
View file

@ -468,7 +468,19 @@ It's recommended to keep this on, as a way to enforce access control, however,
if you're using S3 storage with :attr:`AWS_QUERYSTRING_AUTH`,
it's safe to disable it.
"""
AWS_DEFAULT_ACL = None
AWS_DEFAULT_ACL = env("AWS_DEFAULT_ACL", default=None)
"""
The default ACL to use when uploading files to an S3-compatible object storage
bucket.
ACLs and bucket policies are distinct concepts, and some storage
providers (ie Linode, Scaleway) will always apply the most restrictive between
a bucket's ACL and policy, meaning a default private ACL will supercede
a relaxed bucket policy.
If present, the value should be a valid canned ACL.
See: https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl
"""
AWS_QUERYSTRING_AUTH = env.bool("AWS_QUERYSTRING_AUTH", default=not PROXY_MEDIA)
"""
Whether to include signatures in S3 urls, as a way to enforce access-control.