S3 Bucket
The S3 bucket neulabs-docs-swamp is the central storage for all documentation assets.
Configuration
| Property | Value |
|---|---|
| Bucket name | neulabs-docs-swamp |
| Region | eu-west-1 |
| Versioning | Enabled |
| Removal policy | RETAIN (bucket is never deleted by CDK) |
Public access
By default the bucket is private. The only exception is the bootstrap/ prefix, which has public read enabled via a bucket policy.
Public read: s3://neulabs-docs-swamp/bootstrap/*
Private: s3://neulabs-docs-swamp/* (everything else)
ACL-based public access is fully blocked. Public access is granted exclusively through the bucket policy scoped to bootstrap/*.
Public URLs
| Asset | URL |
|---|---|
| Docusaurus template | https://neulabs-docs-swamp.s3.eu-west-1.amazonaws.com/bootstrap/doc_template.zip |
| Bootstrap script | https://neulabs-docs-swamp.s3.eu-west-1.amazonaws.com/bootstrap/docubuilder.sh |
IAM access
The DocsBucketRole IAM role (attached to the bucket) has full s3:* permissions and is intended for administrative operations. For CI/CD write access, use the GitHub OIDC upload role instead.
See GitHub OIDC for details on CI/CD authentication.