I’m helping someone set up a convox installation, and they tried to turn on the “Block public access” setting for their S3 buckets (including the convox buckets.) This change ended up breaking convox:
$ convox releases promote ABCDEFGHIJK --wait Promoting ABCDEFGHIJK... ERROR: AccessDenied: Access Denied status code: 403, request id: 570A88452310B8A5, host id: y3rxfEiiy1234LM7VCzPYXmrjvo0C7n12341234TTsBcP/p0QM+dB9lR1234atbe+P66I=
They also tried only blocking access for new ACLs and policies:
* Block public access to buckets and objects granted through new access control lists (ACLs) => On * Block public access to buckets and objects granted through any access control lists (ACLs) => Off * Block public access to buckets and objects granted through new public bucket policies => On * Block public and cross-account access to buckets and objects through any public bucket policies => Off
I turned all of these off again, and now everything is fine. But I think they are a bit worried about the idea of “public access” for these settings and releases, and they saw that “AWS recommends that you turn on Block all public access.”
Does this mean that Convox is making some unauthenticated requests to these S3 buckets?
Any information would be helpful, just to reassure them that Convox is doing everything securely.