about summary refs log tree commit diff
diff options
context:
space:
mode:
authorEugen <eugen@zeonfederated.com>2017-04-08 11:38:33 +0200
committerGitHub <noreply@github.com>2017-04-08 11:38:33 +0200
commita2ec54a20b7426bf6e3d75de19b81e4c4392b7b1 (patch)
treea45513fa2f0120587958808d62e8c887c5949eb8
parente33dcb79c6d13d9ae0d2c9f977077e74e5d59a6f (diff)
parent4fb24a70d38ff1097f36069caf8532741c486135 (diff)
Merge pull request #1198 from huertanix/patch-1
Update Heroku-guide.md
-rw-r--r--docs/Running-Mastodon/Heroku-guide.md34
1 files changed, 34 insertions, 0 deletions
diff --git a/docs/Running-Mastodon/Heroku-guide.md b/docs/Running-Mastodon/Heroku-guide.md
index 269bc6331..4978a20ac 100644
--- a/docs/Running-Mastodon/Heroku-guide.md
+++ b/docs/Running-Mastodon/Heroku-guide.md
@@ -39,6 +39,40 @@ You will want Amazon S3 for file storage. The only exception is for development
 purposes, where you may not care if files are not saved. Follow a guide online
 for creating a free Amazon S3 bucket and Access Key, then enter the details.
 
+If you deploy from the web, the format for all the S3 bits use Paperclip conventions:
+
+S3 Bucket is just the name of the bucket, e.g. `bucketname` not the full ARN.
+
+S3 Region is the AWS code for the region e.g. `ap-northeast-1` not the name of the city displayed on the AWS Dashboard.
+
+To protect the privacy of the users of the your instance, you should have permissons on the your S3 bucket set to no-read and no-write for the public and non-application-specific AWS users, with only one authorized IAM user or group set up to be able to upload or display content. This is an example of an IAM policy used for the S3 bucket used Mastadon instance hentai.loan:
+
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "s3:ListAllMyBuckets"
+                ],
+                "Resource": [
+                    "arn:aws:s3:::*"
+                ]
+            },
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "s3:*"
+                ],
+                "Resource": [
+                    "arn:aws:s3:::hentailoan”,
+                    "arn:aws:s3:::hentailoan/*"
+                ]
+            }
+        ]
+    }
+
+
 ## Deployment
 
 You can deploy from the Heroku web interface or from the command line. Run: