Reputation: 81
How to get S3 Secure Access form Application?
How to access, upload and delete objects of the S3 bucket from the web URL securely?
We are accessing the objects in S3 from our Application. But that bucket is public which is not secure.
I have tried CloudFront with OAI on the s3 bucket and putting bucket private but access is denied from the application when trying to upload an object to the s3 bucket.
We want to upload and delete objects in s3 bucket. We want that bucket to private only. And we want to do this from web applications only not from CLI, not from any tool. How could we achieve this?
Any suggestion will be appreciated.
Thanks!
Upvotes: 0
Views: 1213
Answers (3)
Reputation: 33495
It's a bad practice to use long term credentials. AWS recommends to use short term credentials along with STS. Here is an article using Python/Flask to upload a file into private S3 bucket using STS/short term credentials.
Connect on-premise Python application with AWS services using Roles
I could have listed down all the steps in this post. But, it's a bit too long and so the reference to the above link.
Upvotes: 0
Reputation: 10704
To add more to the previous answer, you can find many S3 SDK examples in the AWS Github located here:
https://github.com/awsdocs/aws-doc-sdk-examples
If you look under each programming language, you will find Amazon S3 examples. You can use the AWS SDK to perform actions on a bucket when its private. You can take security a step further too and use encryption as shown here:
Also, you can interact with Amazon S3 bucket from a web app as well by using the AWS SDK. Here is an example of building a web app using Spring Boot that interacts with an Amazon S3 bucket by reading all of the objects in the bucket.
Creating an example AWS photo analyzer application using the AWS SDK for Java
Upvotes: 0
Reputation: 269350
Your application can use an AWS SDK to communicate directly with AWS services.
Your application will require a set of credentials to gain access to resources in your AWS Account. This can be done in one of two ways:
- If your application is running on an Amazon EC2 instance, assign an IAM Role to the instance
- Otherwise, create an IAM User and store the AWS credentials on the application server by using the AWS CLI
aws configurecommand
You can control the exact permissions and access given to the IAM Role / IAM User. This can include granting the application permission to access your Amazon S3 buckets. This way, the buckets can be kept private, but the application will be able to upload/download/delete objects in the bucket.
Upvotes: 1
Related Questions
- How to access S3 bucket through HTTP?
- AccessDenied application using S3 in AWS EC2 Instance
- Accessing private S3 content only from my application
- AWS: Provide a limited and secure access to S3 object
- How to secure AWS credentials in frontend
- Secure access directly from web app to amazon s3?
- Secure connection from S3 to EC2 on AWS
- How do you let only authorized user have access contents stored in Amazon's S3?
- How to use SSE-S3 on Amazon S3?
- Amazon S3 secure bucket