Predefined Bucket List
Version 5.3.1+
With the default IAM policies in place, Yarkon will find all available buckets and handle permissions automatically. If your account has many buckets and only a few are accessible to any user in your organization, or if you prefer to hard-code the list of buckets to have more control over the system, you can provide Yarkon with the list of buckets. Yarkon will then consider only the buckets on that list, and will never try to access any bucket that is not on it.
Before you decide, consider the following:
- Advantages:
  - Improved user login performance when there are many buckets, but only a few are used by Yarkon.
  - Ensures other buckets are never used, thus protecting against future mistakes by the admin.
  - No need to grant the ListAllMyBuckets permission to the main IAM role.
- Disadvantages:
  - Additional setup work for the admin, for creating the bucket list.
  - If you want to add buckets, you have to update the bucket list.
Implementation
The list of predefined buckets is passed into Yarkon using an env variable. The list is a comma-delimited string of the bucket names.
AMI
If you launched Yarkon Server from an AMI, you should update the env section of the configuration file /var/app/current/yarkon-server.pm2.json to include the following line (here showing some example buckets):
    "env": {
      "LIST_BUCKETS": "my-bucket-1,my-bucket-2,my-other-bucket"
    }
Docker
If you are using a Docker container, you have to pass in the env variable using whatever mechanism your specific implementation provides. If you use a docker-compose file, add a line like the following under the environment section:
    environment:
      LIST_BUCKETS: "my-bucket-1,my-bucket-2,my-other-bucket"
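
Once the list is fixed, the IAM policy attached to the main role can be checked against it. The following is an added example, not Yarkon's own code: it parses a LIST_BUCKETS string and flags any Allow statement that grants ListAllMyBuckets or reaches an S3 bucket outside the list. The function names and the sample policy are constructed for illustration, and rejecting space-padded names is an assumption, since the page does not say whether Yarkon trims them.

```python
import fnmatch

def parse_bucket_list(value):
    """Split a LIST_BUCKETS string; reject empty or space-padded names."""
    names = value.split(",")
    bad = [n for n in names if not n or n != n.strip()]
    if bad:
        raise ValueError(f"malformed LIST_BUCKETS entries: {bad!r}")
    return set(names)

def as_list(v):
    return v if isinstance(v, list) else [v]

def audit_policy(policy, list_buckets):
    """Report Allow statements broader than LIST_BUCKETS.
    Only Action/Resource are inspected; NotAction/NotResource are not handled."""
    allowed = parse_bucket_list(list_buckets)
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive and may use * and ? wildcards.
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if any(fnmatch.fnmatchcase("s3:listallmybuckets", a) for a in actions):
            findings.append(f"statement {i}: grants s3:ListAllMyBuckets")
        if not any(a == "*" or a.startswith("s3:") for a in actions):
            continue  # statement does not touch S3
        for res in as_list(stmt.get("Resource", [])):
            parts = res.split(":", 5)  # arn:partition:s3:::bucket[/key]
            if res != "*" and (len(parts) < 6 or parts[2] != "s3"):
                continue  # ARN of another service
            bucket = parts[-1].split("/", 1)[0]
            if any(c in bucket for c in "*?"):
                findings.append(f"statement {i}: wildcard resource {res}")
            elif bucket not in allowed:
                findings.append(f"statement {i}: bucket not in list: {bucket}")
    return findings

# Constructed sample policy, not taken from Yarkon's documentation.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::my-bucket-1", "arn:aws:s3:::my-bucket-1/*"]},
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": "arn:aws:s3:::legacy-bucket/*"},
]}

if __name__ == "__main__":
    for line in audit_policy(SAMPLE_POLICY, "my-bucket-1,my-bucket-2,my-other-bucket"):
        print(line)
```

An empty result means every S3 resource the policy allows is on the list and ListAllMyBuckets is not granted.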