Address file access in loci S3 bucket
Closed this issue · 2 comments
Need to discuss how we manage public/private access to files in the S3 bucket.
Options are:
#1: Create specific rules per file. This can get unwieldy, and requires all users to know how to edit and create the rules.
#2: Default public, but create a /private directory. This allows a single rule to be written.
#3: Default private, but create a /public directory. This makes it a bit more explicit when making things public; default private is 'safer'. Also allows a single rule to be written. BUT, we have to change a few scripts to use the /public area.
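Option #3 as a single bucket-policy statement, with a simplified evaluator showing which keys an anonymous reader could fetch. This is an added example, not code from the issue or the project; the bucket name is a placeholder, the sample keys are constructed, and the helper names are hypothetical.

```python
import json
import re

BUCKET = "EXAMPLE-BUCKET"  # placeholder; the issue does not name the bucket


def public_prefix_policy(bucket, prefix="public/"):
    """Option #3: one Allow statement; every other key stays private."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AnonymousReadPublicPrefix",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
        }],
    }


def _matches(pattern, arn):
    # IAM-style wildcards: '*' is any run of characters, '?' is one character.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, arn, re.DOTALL) is not None


def anonymous_can_read(policy, bucket, key):
    """Simplified model of an anonymous GetObject check against the policy:
    an explicit Deny wins, otherwise an Allow is required, otherwise denied."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    allowed = False
    for st in policy["Statement"]:
        acts = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        res = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if st.get("Principal") != "*" or "s3:GetObject" not in acts:
            continue
        if any(_matches(r, arn) for r in res):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


# Constructed sample keys, including near-misses of the public/ prefix.
SAMPLE_KEYS = ["public/linksets/a.csv", "private/raw.csv", "raw.csv",
               "publicity/a.csv", "cache/public/a.csv"]

if __name__ == "__main__":
    policy = public_prefix_policy(BUCKET)
    print(json.dumps(policy, indent=2))
    for k in SAMPLE_KEYS:
        print(f"{k:24} anonymous read: {anonymous_can_read(policy, BUCKET, k)}")
```

The evaluator models only the bucket policy; object ACLs and S3 Block Public Access settings also affect what anonymous requests can read.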
Ben has implemented a separate s3 bucket with more restrictions. @benjaminleighton can you share the s3 bucket location?
That's probably a reasonable approach where we have one s3 bucket that is public, and another that is restricted.
No, that isn't what I've done. I've restricted permissions to a particular resource within our existing bucket and, iirc, this task was created subsequently with the notion that, in the future, we'd have more things that needed to be private and a dedicated bucket might be more appropriate. Most recently I have modified the permissions on the resource to make the current approach work with our loci-cache-scripts deployment patterns.