@ftpmorph
ftpmorph / Details and config tips.txt
Last active Jan 30, 2021
Amazon AWS S3 IAM permissions required for Mastodon
When setting up a Mastodon instance I had a very hard time working out the required S3 permissions.
Wasted a day on it. None of the tutorials or even the official documentation gave me this information.
In the end I gave up and just gave it blanket access to all permissions for the Mastodon bucket (S3Administrator).
But this didn't sit well with me - I don't like granting unnecessary permissions, especially not when S3 has about 100 of them.
If the server were to become compromised or the keys were to otherwise fall into the wrong hands I'd want a potentially malicious actor to have as limited permissions as possible.
Anyway, I finally worked out the permissions required for Mastodon to function with an S3 bucket as its media storage.
See below for the IAM policy.
ftpmorph / mastodon automated cache wipe.txt
Last active Mar 12, 2021
mastodon user's crontab to keep cache from piling up - log in to mastodon acct and run crontab -e to add this
#!/bin/bash
PATH=/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/bin:/usr/local/bin:/usr/bin:/bin
# Output of commands will be written to log files specified in home folder of mastodon user
# This allows for easy debugging, but once you know it works you can remove the part starting at >> to disable logging
# Conversely if you want more output in the log you can add "--verbose" to the command
# Tried and tested successfully with mastodon v3.3.0 and the v3.3.0+glitch fork.
# Clears cached media from other instances that's over a week old by default. You can add "--days 3" for example to clear out media quicker.