Skip to content
/ S3-Presigned-Put-Url Public

This is a presigned PUT URL that can be used to upload an image to an S3 bucket with the principle of least privilege.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

BharathxD/S3-Presigned-Put-Url

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
aws/s3
aws/s3
 
 
pages
pages
 
 
public
public
 
 
styles
styles
 
 
utils
utils
 
 
.eslintrc.json
.eslintrc.json
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
diagram.png
diagram.png
 
 
next.config.js
next.config.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
postcss.config.js
postcss.config.js
 
 
tailwind.config.js
tailwind.config.js
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Presigned PUT S3 URL

Diagram

Cors configuration

[
  {
    "AllowedHeaders": ["*"],
    "AllowedMethods": ["PUT"],
    "AllowedOrigins": ["*"],
    "ExposeHeaders": []
  }
]

Configure AWS Permissions

  • Create an S3 Bucket <your_bucket>
  • Create an IAM User
  • Create a Customer Managed Policy called S3FineGrainedAccess
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "sid12332",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetBucketTagging",
        "s3:GetBucketCORS",
        "s3:ListBucket",
        "s3:PutBucketCORS",
        "s3:DeleteObject",
        "s3:GetBucketPolicy"
      ],
      "Resource": ["arn:aws:s3:::<your_bucket>/*", "arn:aws:s3:::<your_bucket>"]
    },
    {
      "Sid": "sid23434",
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    }
  ]
}

  • Replace <your_bucket> with the bucket you have previously created

  • Create another Customer Managed Policy called GenerateAccessKeyPolicy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "sid0435890",
      "Effect": "Allow",
      "Action": [
        "iam:DeleteAccessKey",
        "iam:UpdateAccessKey",
        "iam:CreateAccessKey",
        "iam:ListAccessKeys"
      ],
      "Resource": "arn:aws:iam::<account_number>:user/<user_name>"
    }
  ]
}

  • Replace <account_number> and <user_name> with Account Number and User Name of the created user

  • Assign an AWS Managed policy called IAMReadOnlyAccess

  • Now attach both S3FineGrainedAccess and GenerateAccessKeyPolicy to the newly created IAM User

About

This is a presigned PUT URL that can be used to upload an image to an S3 bucket with the principle of least privilege.

Topics

aws typescript s3 presigned-url

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages