SPIKE: What AWS permissions should PDC files have? #1954

Open
2 of 4 tasks
bess opened this issue Sep 30, 2024 · 1 comment
bess commented Sep 30, 2024

User story

As an organization that runs a trusted digital repository, I want to ensure that files can't be deleted by unauthorized users, and can't easily be deleted accidentally. However, on 30 September 2024 the team learned that our checksum files had been deleted. They were deleted more than 30 days ago, so we cannot restore them. We do not have any record of who deleted them or why, and we have no reason to think this can't happen again. Also, if this can happen to our checksum files, we think it could also happen to actual research data.

Acceptance criteria

  • Investigate and document what AWS user owns the files right now, and what ACLs are attached to those files
  • Is it currently the case that any PUL AWS user could delete PUL files?
  • If so, what ACLs should we be putting into place to ensure that only authorized users can delete files?
  • Document all of this and give it to Kate

bess commented Oct 2, 2024

  1. The owner of the PDC files is aws-0003

  2. The owner of all of the other files I checked is also aws-0003

  3. Since all files have the same owner, and that owner can read and write their own files, I believe that anyone who can authenticate to the pulibrary AWS account can delete PDC files or buckets.

  4. To fix this, we need to set permissions policy at the bucket level. Currently, there is no ACL policy in place.

bess self-assigned this Oct 2, 2024
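
One way to express the bucket-level restriction that item 4 above calls for, as an added example that is not part of the original issue or the project's code. It assumes an S3 bucket policy (rather than an ACL) with an explicit Deny on delete actions for every principal except an allowlisted role, and it includes a small check that reports which delete actions a given policy leaves unguarded. The bucket name, account ID and role ARN are placeholders.

```python
import json
from fnmatch import fnmatchcase

# S3 actions that remove objects, object versions, or the bucket itself.
DELETE_ACTIONS = ("s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket")


def deny_delete_policy(bucket, allowed_arns):
    """Build a bucket policy denying deletes to any principal not in allowed_arns."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyDeleteExceptAuthorized",
            "Effect": "Deny",
            "Principal": "*",
            "Action": list(DELETE_ACTIONS),
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"ArnNotLike": {"aws:PrincipalArn": sorted(allowed_arns)}},
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def unguarded_delete_actions(policy):
    """Return delete actions not named by any all-principals Deny statement.

    policy is a parsed bucket policy, or None when the bucket has no policy.
    Simplification: Condition and Resource are not evaluated.
    """
    statements = _as_list(policy.get("Statement", [])) if policy else []
    guarded = set()
    for stmt in statements:
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        for pattern in _as_list(stmt.get("Action", [])):
            guarded.update(a for a in DELETE_ACTIONS if fnmatchcase(a.lower(), pattern.lower()))
    return [a for a in DELETE_ACTIONS if a not in guarded]


if __name__ == "__main__":
    # Placeholder values constructed for this example.
    role = "arn:aws:iam::111122223333:role/pdc-storage-admin"
    policy = deny_delete_policy("example-pdc-bucket", [role])
    print(json.dumps(policy, indent=2))
    print("no policy   ->", unguarded_delete_actions(None))
    print("with policy ->", unguarded_delete_actions(policy))
```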