[BUG] Unable to upload profile images to S3

[tim-morgan]

The Content Building Block is unable to upload profile pictures to the appropriate S3 bucket in the PROD Illinois environment.

2022/07/20 07:24:51 Error converting image: Unable to upload file: bcabda3d-8697-11ec-8edf-0a58a9feac02-default. Error: Unable to upload to S3: AccessDenied: Access Denied

The S3 bucket that we're using has "block all public access" enabled.

The current code attempts to use the acl "authenticated-read" when uploading, which isn't allowed due to the "block all public access" setting.

According to the documentation (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl), "authenticated-read" allows the AuthenticatedUsers groups to have access.

On the same documentation page, it states:

This group represents all AWS accounts. Access permission to this group allows any AWS account to access the resource. However, all requests must be signed (authenticated).

Warning: When you grant access to the Authenticated Users group any AWS authenticated user in the world can access your resource.

The acl should be changed from "authenticated-read" to "private".

[tim-morgan]

The file is /driven/awsstorage/adapter.go on line 188.

I don't have access to push to this repo, but it should be an easy fix.

[mdryankov]

Thanks for the feedback @tim-morgan !

The requested change has been made and now the profile images will be set as private. Dev is already deployed and looks good from client perspective

[mdryankov]

This change is strictly related to the profile images. There is another endpoint which must be kept as public (for general purpose).