The best practice is to set all objects in S3 private. You can use IAM policy to provide a user with the appropriate permissions. In addition to this, you can also create a presigned URL - meaning users can interact with objects without the need for AWS credentials or IAM permissions. Apresigned URL is a URL that you can provide to your users to grant temporary access to a specific S3 object. A pre-signed URL uses three parameters to limit access to the user: Bucket, Key and Expires. During the tutorial, I show to create a resigned URL for a GetObject action and for a PutObject action. I use the @aws-sdk library, in particular https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/modules/_aws_sdk_s3_presigned_post.html and https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/modules/_aws_sdk_s3_request_presigner.html Code repository: https://github.com/enricop89/aws-serverless-samples/tree/main/s3-signed-url 00:00 Introduction 00:25 SignedURL - Get Object 06:10 SignedURL - Post Object 09:56 Code Repository If you want to learn more about AWS Services, make sure to subscribe to the channel: Youtube 🎥 - https://www.youtube.com/channel/UCrgmzG2o4xlBYzm7OB7qZFA Medium: https://enrico-portolan.medium.com/ 🌎 Find me here: Twitter - https://twitter.com/enricop89
The best practice is to set all objects in S3 private. You can use IAM policy to provide a user with the appropriate permissions. In addition to this, you can also create a presigned URL - meaning users can interact with objects without the need for AWS credentials or IAM permissions. Apresigned URL is a URL that you can provide to your users to grant temporary access to a specific S3 object. A pre-signed URL uses three parameters to limit access to the user: Bucket, Key and Expires. During the tutorial, I show to create a resigned URL for a GetObject action and for a PutObject action. I use the @aws-sdk library, in particular https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/modules/_aws_sdk_s3_presigned_post.html and https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/modules/_aws_sdk_s3_request_presigner.html Code repository: https://github.com/enricop89/aws-serverless-samples/tree/main/s3-signed-url 00:00 Introduction 00:25 SignedURL - Get Object 06:10 SignedURL - Post Object 09:56 Code Repository If you want to learn more about AWS Services, make sure to subscribe to the channel: Youtube 🎥 - https://www.youtube.com/channel/UCrgmzG2o4xlBYzm7OB7qZFA Medium: https://enrico-portolan.medium.com/ 🌎 Find me here: Twitter - https://twitter.com/enricop89