Closed Bug 1437692 Opened 7 years ago Closed 7 years ago

Please create an S3 bucket for security-state attachments

Categories

(Cloud Services :: Operations: Kinto, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: glasserc, Assigned: wezhou)


Bug 1429795 requests the creation of configuration for the security-state use case of firefox-settings. After much discussion, we came to the decision of using kinto-attachment to store the raw cert data. To do so, we need a new S3 bucket. I propose the creation of an S3 bucket with a name like "security-state" or "firefox-settings-security-state". Once this bucket is created, we can use it in the configuration for the other bug.
Assignee: nobody → wezhou
So I got some new info and think that we may not need a separate bucket. The existing bucket is already shared by fennec and fingerprinting-defenses, and at the top-level path the two each have a different directory name; this makes sure the two don't conflict with each other in that bucket. For instance,
> $ aws s3 ls s3://net-mozaws-stage-kinto-fennec/
> PRE fennec-staging/
> PRE fingerprinting-defenses-staging/
We can continue this model by giving security-state its own top-level directory in that same bucket. Secondly, I heard the kinto-attachment plugin only supports one S3 bucket at present, so using just one bucket saves dev effort hopefully.
Yes, currently we "divide" the S3 bucket according to kinto bucket and kinto collection. We can of course continue doing so. However, while looking through the configuration, I noticed that the setting was called `fennec_s3_bucket`, and indeed the S3 bucket name is "net-mozaws-stage-kinto-fennec", so it seems a bit confusing to me to have this bucket contain non-Fennec resources used for security in all Gecko browsers. Rémy suggested that maybe it would be good enough to rename the setting from fennec_s3_bucket to kinto_attachment_s3_bucket. From the Kinto side, kinto-attachment is already configured to use the bucket/collection as part of the S3 object path (https://github.com/mozilla-services/cloudops-deployment/blob/master/projects/kinto/puppet/modules/kinto/templates/kinto.ini.erb#L153). Do we need any actions on the ops side to allow these paths to work?
The app instances already have access to the existing S3 bucket. No actions from the ops side are needed in terms of allowing the app to create another top-level directory inside that S3 bucket. Also, which "fennec_s3_bucket" setting are you referring to? Is it [1]? Note that "@fennec_s3_bucket_name" on that line is just a puppet variable; I don't think the application cares about it at all.
[1] https://github.com/mozilla-services/cloudops-deployment/blob/master/projects/kinto/puppet/modules/kinto/templates/kinto.ini.erb#L150
OK, great. I will close this issue as invalid. Yes, I'm talking about the `@fennec_s3_bucket_name` variable, which actually contains an S3 bucket name that is used by non-Fennec things.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID