0

My application is integrated with LDAP and AWS cloud. We login to our application using LDAP credentials.

When I provide a link to a file on a bucket in my UI(https:<bucketname>.s3.amazonaws.com/<file_name>), the user is just able to click the link to download the file

So, I don't do a s3.get_object to download that file; just using the full URL works

Similarly I believe I should be able to create a file on the bucket without using s3.put_object as well. How can I achieve that?

m.beginner
  • 389
  • 2
  • 18
  • There are many (similar) ways to create a file in S3 bucket, but they are not much different from using s3.put_object. Perhaps you can be more precise (describe use case) with what you are trying to achieve. – Dusan Bajic Jul 10 '19 at 07:58
  • `File.open(File.join("https://mybucket.s3.amazonaws.com", report_file_name) , "wb") do |f| f.write(forecast_report_excel) end` Can I do something like this? My main goal is to write a file to a bucket without using the key id and secret key (is it possible to create an s3 instance in code without passing key id and secret key btw?) – m.beginner Jul 10 '19 at 08:05
  • 1
    Unless you want to allow anyone to write to your bucket (which I doubt), you need to authenticate somehow. But it does not have to be key/id, if you are running your application on AWS EC2 instance you can use IAM roles (check https://cloud-gc.readthedocs.io/en/latest/chapter03_advanced-tutorial/iam-role.html or https://stackoverflow.com/questions/34057679/aws-s3-bucket-access-from-ec2) – Dusan Bajic Jul 10 '19 at 11:25
  • Thank you very much! This link was very resourceful! Just one question pls? Assume I have created an IAM role and given full access to S3 for my EC2 instance. In that case, how do I create an S3 instance in my code without passing key id and secret key? Would you be able to show a sample code for this scenario? – m.beginner Jul 10 '19 at 12:28
  • I suppose by 'create an S3 instance' you mean 'create an S3 bucket'? Anyway, I can't help with ruby :), but from aws cli it is quite simple `aws s3api create-bucket --bucket name-of-my-bucket --region us-east-1` – Dusan Bajic Jul 10 '19 at 12:37
  • I meant creating an s3 handle in code. This is how I am uploading files to S3 currently : `s3 = Aws::S3::Client.new( access_key_id: '', secret_access_key: '') s3.put_object(bucket: '', key: myfilekey, body: myfilebody)` As you can see `Aws::S3::Client.new` - this is how we create an S3 instance in code before you could use the instance to put objects in its buckets. And it takes 2 parameters - key id and secret key. Is there a way to create this instance without passing key id and secret key? That was my question – m.beginner Jul 10 '19 at 12:41
  • Although I have shown Ruby code above, this is not a Ruby specific question really. If you would have the answer for my question that works for Java, am sure the solution for Ruby could be easily derived from it – m.beginner Jul 10 '19 at 12:44
  • I understand what you are asking. For `aws cli`, simply no credentials need to be supplied, I can only assume it is the same for Ruby SDK – Dusan Bajic Jul 10 '19 at 13:15
  • I just found this link - https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html. This is the coding equivalent of IAM. Would you be able to make suggestions based on this? I can create an ISM role and assign it to a user. But am not sure how to call a `put_object` to upload a file – m.beginner Jul 10 '19 at 13:54
  • If you launch your EC2 instance with an IAM role then *all* AWS SDKs will automatically retrieve credentials on your behalf. You don't need to provide them explicitly. – jarmod Jul 10 '19 at 15:59

0 Answers0