How about setting read-public acl to buckets instead of setting it each object?
BTW that seems valid JSON, or did you correctly put 'application/json' as content-type when you put the policy? On Tue, Oct 14, 2014 at 5:19 AM, Michael Grauer <michael.gra...@kitware.com> wrote: > Thanks Ali. > > I now am having a permissions issue it seems in accessing the objects. > > I try to curl the object > > http://10.x.x.x/test-bucket/pointclouds/4f55ed40ca08aeb57bf19257aa6601e85436ff0684aa2/static/metadata.ini > > and I get > > <?xml version="1.0" > encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access > Denied</Message><Resource>/test-bucket/pointclouds/4f55ed40ca08aeb57bf19257aa6601e85436ff0684aa2/static/metadata.ini</Resource><RequestId></RequestId></Error> > > > When I request the ACL for this bucket from boto I get: > > <Policy: http://acs.amazonaws.com/groups/global/AllUsers = READ, > michael.grauer (owner) = FULL_CONTROL> > > I would like to not have to set ACLs on each object in my bucket, as I > expect a large number of objects. I tried to set a bucket policy like this: > > { > "Version":"2008-10-17", > "Statement":[{ > "Sid":"AllowPublicRead", > "Effect":"Allow", > "Principal": { > "AWS": "*" > }, > "Action":["s3:GetObject"], > "Resource":["arn:aws:s3:::test-bucket/*" > ] > } > ] > } > > > > But this was not accepted by boto or s3cmd . boto told me > boto.exception.S3ResponseError: S3ResponseError: 415 Unsupported Media Type > , but there weren't any errors that I could see in the riak-cs logs. > > Can anyone point the way? > > > Thanks again > > > > > > > > > > > On Mon, Oct 13, 2014 at 2:53 PM, Ali Nikkhah <ali.nikk...@datasphere.com> > wrote: >> >> Hi Mike, >> >> You are trying to resolve a domain name 'test-bucket.10.x.x.x,' which is >> invalid. This is the part that is incorrect. There are a couple options: >> >> 0) You should be able to access the bucket by using >> http://ip/bucket-name, like: >> >> http://10.x.x.x/test-bucket/my_key_path >> >> 1) For easier public access, you can then set up a resolvable domain >> name in your DNS configuration for the bucket, i.e. add a dns entry >> like: >> >> test-bucket.<yourdomain>.com >> >> pointing to the riak-cs proxy ip. As long as your proxy is set up >> properly, you should then be able to access the object using: >> >> http://test-bucket.<yourdomain>.com/my_key_path >> >> >> >> -Ali >> >> >> On Mon, 2014-10-13 at 14:11 -0400, Michael Grauer wrote: >> > Hi, >> > >> > >> > I'm very new to Riak-CS, and am investigating using it as a standin >> > for S3. I'd like to have a url that allows an anonymous >> > (unauthenticated) user to download an object from a bucket. >> > >> > >> > Riak 2.0.0-1 >> > Riak CS 1.5.0-1 >> > Stanchion 1.5.0-1 >> > Ubuntu 14.04 >> > >> > >> > I have test-bucket set up, and can connect to it, and upload and >> > download a file there all using an authenticated user that owns the >> > bucket, via boto. >> > >> > >> > My Riak CS is running as 10.x.x.x , the internal IP of my AWS >> > instance, and proxied behind nginx. >> > >> > >> > When I try to curl >> > >> > >> > curl -v http://test-bucket.10.x.x.x/my_key_path >> > >> > >> > I'm getting "could not resolve host: test-bucket.10.x.x.x" >> > >> > >> > My configuration is incorrect, but I'm uncertain of how to fix it. >> > >> > >> > Any help is appreciated! >> > >> > >> > Thanks, >> > Mike >> > _______________________________________________ >> > riak-users mailing list >> > riak-users@lists.basho.com >> > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com >> >> >> > > > _______________________________________________ > riak-users mailing list > riak-users@lists.basho.com > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com > -- Kota UENISHI / @kuenishi Basho Japan KK _______________________________________________ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
