Monday, 26 January 2015

Pass a config file/url from AWS S3 to BeanStalk securely

I have a Tomcat instance that runs in Beanstalk, and in the configuration for Beanstalk I pass in a config.file as a parameter like so:



-Dconfig.url=http://ift.tt/1H2ekQB


This file is in S3, but I have to set permissions to 'Everyone': 'Open', which I do not like doing because this is unsafe, but I can't seem to find any other way of doing this. I've looked at the URL signing method and this isn't a good solution, as both the file and the Beanstalk app are updated frequently and I'd like to have all this automated, i.e., if the app breaks and restarts it will not be able to read the file because the signing key would have expired.


I've looked at the docs regarding roles but cannot seem to get this working. I've added a custom policy to the aws-elasticbeanstalk-ec2-role (shown below) and this isn't doing anything - my app still cannot access files in the bucket. Could someone please tell me how / whether this can be fixed?



{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-bucket-name/*"
        }
    ]
}


Is there another way I can allow the Beanstalk application to read files in an S3 bucket? Any help is appreciated.
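
An added example, not part of the original post: a plain `http://` fetch of `config.url` is an unsigned request, so S3 treats it as anonymous and the role policy above never applies to it. The `.ebextensions` file below has the instance download the object with its role credentials at deploy time and points the JVM at the local copy. The file name, object key and local path are placeholders, and it assumes the app reads `config.url` with an ordinary URL fetch and runs as user `tomcat`.

```yaml
# .ebextensions/01-app-config.config  (hypothetical file name)

Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Authentication:
        # Named credential set: sign S3 requests with the instance role.
        S3Auth:
          type: "s3"
          buckets: ["my-bucket-name"]   # bucket name from the policy in the post
          roleName:
            "Fn::GetOptionSetting":
              Namespace: "aws:autoscaling:launchconfiguration"
              OptionName: "IamInstanceProfile"
              DefaultValue: "aws-elasticbeanstalk-ec2-role"

files:
  # Local destination (placeholder path).
  "/etc/myapp/app.conf":
    mode: "000400"
    owner: tomcat      # assumption: the Tomcat platform runs as user "tomcat"
    group: tomcat
    authentication: "S3Auth"
    # Object key is a placeholder; the post only shows a shortened URL.
    source: https://my-bucket-name.s3.amazonaws.com/path/to/app.conf

option_settings:
  aws:elasticbeanstalk:container:tomcat:jvmoptions:
    # Read the local copy instead of the public S3 URL.
    JVM Options: "-Dconfig.url=file:///etc/myapp/app.conf"
```

With this in place the bucket no longer needs the 'Everyone' grant, and the role only needs the `s3:GetObject` statement already shown. A `-Dconfig.url` value set directly on the environment takes precedence over the one in this file, so it has to be changed or removed there as well.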




