From b5bbca9ed4c2b669d3a39a065ff3d9071fc4b303 Mon Sep 17 00:00:00 2001 From: "Sean P. Kane" Date: Tue, 9 Jan 2018 14:31:37 -0800 Subject: [PATCH] Improve Cloudfront notes regarding private buckets (#5225) * Improve Cloudfront notes regarding private buckets * Point to CloudFront docs This is better than outlining the steps specifically. The API steps will be different and the specific parts of the web UI may change over time. Amazon's docs are more likely to be up to date. --- docs/storage-drivers/s3.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/storage-drivers/s3.md b/docs/storage-drivers/s3.md index 16b5279f0..b6ace9cda 100644 --- a/docs/storage-drivers/s3.md +++ b/docs/storage-drivers/s3.md @@ -238,9 +238,13 @@ Defaults can be kept in most areas except: ### Origin: -The CloudFront distribution must be created such that the `Origin Path` is set -to the directory level of the root "docker" key in S3. If your registry exists -on the root of the bucket, this path should be left blank. + - The CloudFront distribution must be created such that the `Origin Path` is set + to the directory level of the root "docker" key in S3. If your registry exists + on the root of the bucket, this path should be left blank. + + - For private S3 buckets, you must set `Restrict Bucket Access` to `Yes`. See + the [CloudFront documentation](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html). + ### Behaviors: @@ -277,5 +281,5 @@ middleware: ## CloudFront Key-Pair A CloudFront key-pair is required for all AWS accounts needing access to your -CloudFront distribution. For information, please see [Creating CloudFront Key +CloudFront distribution. You must have access to your AWS account's root credentials to create the required Cloudfront keypair. For information, please see [Creating CloudFront Key Pairs](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs).