Carl Maltby

Yes, the process has changed quite significantly. For the most part it is still possible to follow, however after a certain point (after creating a user) the process breaks down somewhat. It looks like the user created needs an access key generating manually, and doing so present a lot of options which I am somewhat loth to just guess at. The stage at which a new user is allowed Programmatic Access no longer has that option. Checking the user details presents us with this option for generating access keys:

This one looks innocent enough: Region | Bucket name(s) | APIAction | TLSVersion | NumCalls | UserAgent eu-west-1 | ******************* | REST.GET.OBJECT | TLSv1 | 1 | [Mozilla/5.0 (Linux; U; Android 4.1.2; th-th; GT-I8262 Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30] I can only presume that files in the S3 bucket are being referenced directly from somebody's mobile browser using TLS v1 rather than via the forums/site. Again, I think that this is an issue with the bucket being public read: { "Version": "2008-10-17", "Statement": [ { "Sid": "AllowPublicRead", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::xxxxxxxxxxxxxx/*" } ] } I'll go through the guide and refresh/build my knowledge, thanks for the link. I didn't find this yesterday.

It's likely more of an issue of me spending more time the other side of the fence rather than knee deep in admin, Marc. In a way that's testament to the software working without needing to keep a hand on the wheel all of the time. Very true about my phrasing of the title....so let's try going with that a bit better.... Are there any good setup and maintenance threads or external resources on setting up an S3 bucket - eg. for security - and periodic backups on the AWS side of things? I have a nice ⚠️ telling me that it doesn't like the "public" nature of the bucket, however I am so un-versed in all things S3 that I don't know how to secure it without breaking the functionality. I would guess that the bucket is more or less open to the world and not just our site. Would I also be correct in thinking that Cloudfront acts as a service that provides data from the S3 bucket, almost as a layer of protection rather than direct access? Literally, I am that out of touch! I should probably accept a slap on the wrist.

This is more of a discussion about setting up Cloudfront for an S3 bucket rathe than a specific question, Marc. If this is not appropriate for this area (questions only?) please move to an appropriate forum. The bottom line is that I am feeling really out of my depth here, so I probably don't even know what the question is yet.

I received an email from AWS with the title, "[ACTION REQUIRED] - Update your S3 object access to maintain connectivity" and to be honest, I'm out of my depth. I'll do a bit of backgrounding for context. We're an old old site cloud hosted with IPS and we've never really needed to grow what we do with our site on a technical level. Everything is simple and the community JustWorks. Our storage size has mounted up a LOT over the last 20yrs so I transitioned our storage to S3 using my very minimal amount of knowledge, and it seems to work. We're also caching all image uploads against remote links to prevent image link rot (thanks Photobucket). Thus far, everything has worked admirably and simply and I am concerned about the relative fragility of our bucket data, which comes to about 47GB as of writing. I am told that I need to set up a Cloudfront distribution which as I understand it is a middleman between the S3 bucket and our site's storage request/serving. Correct me if I'm wrong. I'm a bit stuck on the settings for Cloudfront, even though I seem to have muddled through and gotten it working. This hardly feels like the best recipe for success or defensibility! I don't seem to be able to find any guides or advice outside of self-hosting, and even then clues are thin on the ground. I'm sure that I am not the only person in this position, so any guiding words or handholding would be welcomed....I very much dislike having something working and not having the knowledge onboard to know why it's working, how securely/appropriately, or not knowing if I am building a stronger problem going forward.

We're new to badges as of today, and I think that what @Square Wheels has to say partly represents first impressions here as well. If anything, the badges are nice however dumping all the profile field in favour of badges-only is a little much. I'll be figuring out a hybrid approach, as badges seem here to stay.

Ticket submitted. Sounds likely, thanks Ryan.

Woke up today to find that one of our admin got hammered with reports about this: I'm guessing that being a cloud-based suite, I don't have access to the files that Chrome console is telling me are having a bad day, and that this should be a support issue? fontawesome-webfont.woff:1 Failed to load resource: net::ERR_CERT_COMMON_NAME_INVALID fontawesome-webfont.ttf:1 Failed to load resource: net::ERR_CERT_COMMON_NAME_INVALID To be straight, nothing has changed for a few weeks. Literally, out of the blue.