javascript - Are AWS server-side TemporaryCredentials usable for client-side S3 upload? -


using client-side version of aws javascript sdk v2.2.29 (e.g. bower aws-sdk-js) possible (though unacceptable because exposes real aws credentials client):

var region = 'us-east-1',     accesskeyid = 'az12341234',     secretaccesskey = 'abcde1fghij2klmnopqr3tuvwx4yz';  var creds = new aws.credentials(accesskeyid, secretaccesskey);  creds.get(function() {   s3location = new aws.s3({     region: my.region,     credentials: creds   });   ready(); // presents upload form, binds events, etc.. }); 

the dream split process 2 parts, 1 secure server-side , following client-side.

part 1. use nodejs server-side version of aws javascript sdk (e.g. aws-sdk) this:

var creds = new aws.temporarycredentials(accesskeyid,  secretaccesskey);  creds.get(function() {   var aws = {     accesskeyid: creds.accesskeyid,     sessiontoken: creds.sessiontoken,     region: my.region,   };   // e.g. makes aws var available client   res.render('form', {     aws: aws   }); } 

part 2. use client-side version of aws javascript sdk (e.g. bower aws-sdk-js) something like this:

// e.g. aws = <from-server-side> var creds = new aws.credentials(aws.accesskeyid, null, aws.sessiontoken); creds.get(function() {   s3location = new aws.s3({     credentials: creds,     region: aws.region   });   ready(); }); 

the code above seems work, until actual chunked upload begins, result in 403:

<code>signaturedoesnotmatch</code> <message>     request signature calculated not match      signature provided. check key , signing method. </message>    

it seems s3 sdk might limited, , multipart uploads impossible if such transaction theoretically possible.

ought possible? ideas how?

for specific question, should @ roles/policies credentials, , ensure allowing multipart uploads.

another solution client request server return signed url allows client get/post file directly s3 (not using aws api using http directly.

i use fineuploader (for uploads), , have bunch of examples should give idea (even if don't want use fineuploader) how this:

http://docs.fineuploader.com/branch/master/endpoint_handlers/amazon-s3.html

heruku has example: https://devcenter.heroku.com/articles/s3-upload-node

but doing (or using cognito similar thing) should work. therefore, problem has related role/policies associated temporary credentials creating.


Comments

Popular posts from this blog

c++ - llvm function pass ReplaceInstWithInst malloc -

Cross-Compiling Linux Kernel for Raspberry Pi - ${CCPREFIX}gcc -v does not work -

java.lang.NoClassDefFoundError When Creating New Android Project -