Granting Amazon S3 permission by bucket

Quick Note

I was setting up an AWS S3 bucket and would like to share the access to my colleague.

It's quite effortless but somehow I needed to go over the docs for serval times and set up some extra stuffs.

This serves as a note for myself and anyone who needs.

For settings in detail, you can read the docs about how to manage access to your Amazon S3 Resources

Problem

I want to share bucket-a and bucket-b to my colleague Boris.

Solution

Create IAM Policy in the console

Then visit the AWS IAM console

In the policy tab, you will see many default policy (you can filter out by "S3", however there are no rules that based on buckets). So, let us create a new policy.

Select Policy Generator , it helps us to generate the policy document as specified.

Policy for the buckets

AWS Policy Generator is a handy tool to get the IAM policy document generated.

Since we are working with S3, we need to know the Amazon Resource Names (ARNs) of our buckets.

<!-- Object in an Amazon S3 bucket -->
arn:aws:s3:::bucket_name/exampleobject.png

so in my case, I need to specify:

arn:aws:s3:::bucket-a
arn:aws:s3:::bucket-a/*
arn:aws:s3:::bucket-b
arn:aws:s3:::bucket-b/*

The policy generated as following:

{
  "Id": "Policy1487658810754",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1487658775540",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::bucket-a",
        "arn:aws:s3:::bucket-a/*",
        "arn:aws:s3:::bucket-b",
        "arn:aws:s3:::bucket-b/*"
      ],
      "Principal": "*"
    }
  ]
}

For example, we give it the name AmazonS3BucketABucketBAccess. You can now see the policy on the list of policies in the IAM Console.

Grant a user the permission

Now, go to the Users tab in the IAM console.
Search for the user nad edit his/her permission.

If the user does not exist yet, create a user first by clicking the Add User button. I advice to select the Access Type as "Programmatic access", so it doesn't generate a set of usernams / password for the user to login to the console.

Now, we can add the above created permissions to the user.
Among "Add user to group", "Copy permissions from existing user" and "Attach existing policies directly", we will choose "Attach existing policies directly" this time.

You will see the policy AmazonS3BucketABucketBAccess we created just now in the list.

Just select the policy and attach it to the user.

Alternatively, you can create a Group

... then add the user into the group. Users in the group will be granted the same level of permission as the group specified.

To access the bucket

You will need API Key ID and API Secret to access to the bucket.
The above info can be found in the IAM Console > Users > Select the User > Security credentials > Access keys.

We need to create a pair of Access key ID and secret for the user to get the right access.

Once it's ready, you will see the status of the Access Keys.

Extra

If you need to grant the user console access, make sure you also grant him/her the list all bucket permission.

Ref: StackOverflow: Amazon S3 IAM User can' access S3 bucket

    {
        "Sid": "ListAllBuckets",
        "Action": "s3:ListAllMyBuckets",
        "Effect": "Allow",
        "Resource": "*"
    }

Hope it helps ;)

comments powered by Disqus

Make a single page landing site for my App with Appsite

After releasing an app on App Store, we often need some marketing effort to drive the visitor traffic. It would be solely depend on ASO(App Store Optimizaton) if we don't have an external site on the Internet.

There are various ways to build landing pages for the app. I particularly find Appsite very easy to use.

Just search the published app, Appsite will generate a single page landing page for the app selected.

It's also nice I can choose among the templates

I can change theme colour and update the screenshots - if everything from the App Store is not satisfying enough.

Finally I got the single page website for my app ins within 3 minutes.

See the site I generated in action:
http://appsite.skygear.io/spentable_app

Try it out

If you have your iOS or Android app and wish to build a website, it'd be nice to try Appsite out.

comments powered by Disqus

Telegram Stickers

I (and my friends) fancy the stickers in Telegram a lot. That's actually how I pitched groups of my friends migrated from other WhatsApp to Telegram - just because it supports stickers.

Of course, Telegram is also a fast, rich and secure instant messenger app with an insanely smooth user interface.

First introduction of stickers

The first set of stickers was introduced in January 2015.

Telegram planned to offer stickers in for free:

All our stickers are and will be completely free, and you can always create and share your own stickers.

At first, there is only one set of official sticker on Telegram.

Make and submitting custom stickers

Since May 2015, artists can submit sticker sets to Telegram. I created a set of cat's sticker with our own cats, and the sticker attracted a large group of friends starting to use Telegram.

Submitting stickers doesn't require permissions nor approvals like Line / iMessage or other platforms do.

It's awesome to encourage sticker creation and sharing.

Distribution sites and channels

Since there is no official store in Telegram, distribution of stickers becomes a problem.

Then it appears loads of sites that list and distribute stickers for free.

Upon simple googling, I found many sticker catelog sites.

Stickers' original creator has no way to stop from people who steals

Despite Telegram wanted to create a open, free and limitless eco-system for stickers.

Open and free stickers seem to be great for consumers. Everyone can submit stickers and others can add them with a public link.

Submitter != creator

Sometimes, the one who submit the sticker might not be the original artist. They just download existing sticker packs from other platforms and upload them to Telegram.

"At least the stickers are for free and it doesn't be made profitable to anyone" - some may think.

Similar to freeware, being free doesn't imply you have the right to use the original work without permission.

Example

The Bac Bac's Diray sticker is popular on Line by artist Darylhochi.


ref. https://store.line.me/stickershop/product/1040299/
ref. https://store.line.me/stickershop/product/1140113/

The complete pack of stickers can be added with this link: https://telegram.me/addstickers/BacBac . However, Darylhochi claimed on their Facebook post that the stickers are not uploaded by them.


https://www.facebook.com/darylhochi.illustrations/posts/1129855440432047

Unlike other platforms, there is no way to prevent users from re-distributing copyright protected artworks as stickers.

Stickers are great, I hope they can be better.

Telegram may not have a plan to set up a sticker store yet. But as a creator, Telegram should to take some action to make sure creativity and effort of creators from the world is well-repected.


David Ng, Product Manager at Skygear.io

comments powered by Disqus

隨機有感

其實是隨著坐飛機有感。
飛機果然是最佳的思考空間,望著窗外的藍天白雲,腦袋放空一點,沉澱了過去幾個月的一點感想。

不趕緊寫下的話,轉個身就會被金魚腦袋忘掉。

1) 開 Remote 的會議,會逼使你準備得更仔細

由於對方不是面對面,會議中基於的討論大多都會參閱預先準備好的文件。例如是先寫好的重點/筆記,或是先開好了的issue,或是先處理好的stats。

雖然這是一般會議應有的執行方式,但如果會議是Remote的話,由於要努力彌補空間和時間差,好像會逼使你執行得更嚴格。

因為要抄下來,所以首先會把重點細想一遍,會有更有效率的討論,然後也會有更好的記錄。

2) 比起分心做幾件事,更應該專注做好一件事

人通常要分心去做不同的tasks,Context Switching 使人腦殘。但想說的不是不能分心去同時做幾個task,而是:不能分心去走幾個方向。
與其把每件事趕急完成;其實更值得的是多花點時間去「雕花」,去做出令自己自豪的事。

3) 記著初衷,有一個簡單的方法:寫一個 motto,然後把它牢記

Hakuna Matata!
Hakuna Matata?

Yeah. It's our motto!
What's a motto?

Nothing. What's a-motto with you?
Those two words will solve all your problems

A motto will solve all your problems.
在迷失方向時,要問自己:「做緊咩」同埋「點解要咁做」的時候,簡短而有警惕性的 motto 便有用了。

"More good times."
"Never quits."
"Hakuna Matata."

comments powered by Disqus

Absurdity - 西西弗斯的荒謬哲學

話說那時少不更事,經常妄顧GPA去選一些不相干的課。

《死亡與不朽》是其中一科。當然是慕哲學系陶氏之名而來修讀的,如果後來沒撞時間,《幸福論》和《愛情哲學》這兩門熱門的課也應該是必修之選。

Take 了《死亡與不朽》後,馬上多了一個由九半到八半的死亡星期三(因為Tutorial 在六半至八半的JQ period orz)。

tutorial中,每人都要present一個topic。當時,抽中了卡繆的Absurdism,要讀有關西西弗斯的寓言。諾貝爾文學獎得主卡繆是哲學界裡的「荒謬英雄」,透過寓言和創作探討人生中的荒謬。

無限循環的西西弗斯

話說西西弗斯被天神懲罰,首先先別管他犯了甚麼事,但罰則如下:

STONE_WEIGHT = MAX_UNSIGNED_INT;
while(stone_not_at_top) {
    push_stone_up_hill();
}

世事當然沒這麼簡單,天神還安排了這樣的一個定律:

if(stone_near_top) {
    roll_down_stone_to_pos(0);
}

如是者,西西弗斯整個生命都在推石頭上山,然後眼白白的看它滾下山,再跑下山重頭再推。然後再來。
再來。
再來。

這根本是徒勞無功。
這根本是徒勞無功。

這根本是徒勞無功...

荒謬感

面對着這一個重覆又重覆的無限懲罰之中,人可能會產生一種「荒謬感」。在意識到這個無限重複的過程是「沒有意義」之前,「荒謬」的感覺是不存在的。

正如此文章所述:(意思相同,就此引述而不重寫了)

所謂「荒謬」,在卡繆的用法裡,是指人生存於這個世界上,嘗試尋找生命到底有什麼意義,結果卻一無所獲。生命根本沒有任何理由與意義,這時候就會產生一種「荒謬」的感覺。

更嚴格地說,卡繆的「荒謬」有兩個意思。第一個意思,是指「客觀的人生意義並不存在」;第二個意思是「當人發現客觀的人生意義並不存在,然後產生出來的感覺或信念等心理狀態。」(荒謬感)

「荒謬」圖解:

(1) 人生→客觀的人生意義其實不存在 →人生其實是荒謬的
(2) 人生→尋找人生意義→認知人生意義並不客觀地存在→ 感到荒謬(其實較近似迷茫)

所以呢,在(2) 中,如果在這些步驟之中斷開了的話,是不會碰到這種「荒謬感」的。

比如說:沒有展開人生、從來沒有尋找過人生的意義(有許多可能性,例:本身尋找「意義」的意識薄弱)、 找到/定義了「主觀」的人生意義,而沒有認知到人生意義的客觀不存在,都未會引發荒謬感來襲的感覺。

用西西弗斯的故事來說,就是如果西西弗斯:
0) 沒有在推石;
1) 從來並沒有想過他在推石的意義;
2) 有去想推石的意義,並自行賦予了他一個意義(例:健身);
3) 有去想推石的意義,並知道這是重覆而沒意義的。

以上只有3) 符合到卡繆提出造成荒謬感的條件。一旦它真的出現了,那人們應該怎去應對?

這時,卡繆就提出問題:「你會選擇自殺嗎?」
首先,卡繆並非提倡用自殺去解決,只是去探討為何選擇或者是不選擇這個方法、這是不是唯一的方法。

一個人如果像西西弗斯般,被投擲到這樣沒有意義的過程當中,結果徒勞無功、一無所獲,就會產生一種突如其來的「荒謬感」。

了解這種感覺,也許並不能解決甚麼實質問題,不能消去「人生是荒謬的」客觀事實。提出的應對方法甚至在有些人的眼中稱得上有點「阿Q精神」。

就像那個無限loop program也許只有跑到直至沒有電源或這人手停只才能安息。如果你問我它可以有甚麼客觀意義?可真是沒有的。

或許人的思想力量比較特殊,可以賦予某件事情一種「意義」。

要去嘗試回應的話,可以選擇否定「人生是被投擲到這個世界」的前設(例如人在世是為了榮耀上帝);又或者相信薩特:「人類要為自己的存在創造價值」。

悲觀(或是樂觀) 地來說,享受推石中的過程、在當中尋找到推石以外的樂趣(例如欣賞風景),把天神的「懲罰」蔑視成為一個過程,就已是一種對於不可抗命運的「反抗」。

「One must imagine Sisyphus happy.」-文章最後這樣寫道。

結語

其實這篇已經擱在一邊好一陣子了,寫不完的原因是:在文章末,總是下不了一個結論。
這個故事常被以不同的方式解讀,也分別於每人故事所定下的不同假設。結果有人解構為一個勵志的寓言,又有人將之認定為真正的悲劇。

所以,用這段剪輯來作結語好了。

圖片來源:http://bonpurloryan.com/2015/11/23/sisifos-soyleninin-oscara-da-aday-olan-kisa-animasyon-filmi/

comments powered by Disqus