0

My code uses the AWS Javascript SDK to upload to S3 directly from a browser. Before the upload happens, my server sends it a value to use for 'Authorization'.

But I see no way in the AWS.S3.upload() method where I can add this header.

I know that underneath the .upload() method, AWS.S3.ManagedUpload is used but that likewise doesn't seem to return a Request object anywhere for me to add the header.

It works successfully in my dev environment when I hardcode my credentials in the S3() object, but I can't do that in production.

How can I get the Authorization header into the upload() call?

John D.
  • 2,521
  • 3
  • 24
  • 45

2 Answers2

0

Client Side

this posts explains how to post from a html form with a pre-generated signature How do you upload files directly to S3 over SSL?

Server Side

When you initialise the S3, you can pass the access key and secret. 

const s3 = new AWS.S3({
  apiVersion: '2006-03-01',
  accessKeyId: '[value]',
  secretAccessKey: '[value]'
});

const params = {};
s3.upload(params, function (err, data) {
  console.log(err, data);
});

Reference: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html

Alternatively if you are running this code inside AWS services such as EC2, Lambda, ECS etc, you can assign a IAM role to the service that you are using. The permissions can be assigned to the IAM Role

Arun Kamalanathan
  • 8,107
  • 4
  • 23
  • 39
  • this code would do, if you are using some other mechanism, can you post some code for me to have a look. – Arun Kamalanathan Dec 05 '19 at 02:05
  • This is what I mentioned works in dev, but I would have to hardcode my access key and secret client-side, which I don't want to do. This client-side script only has access to Authorization – John D. Dec 05 '19 at 02:56
  • it looks like impossible to use `Authorization` header with SDK, you may have to look into other ways – Arun Kamalanathan Dec 05 '19 at 03:30
0

I suggest that you use presigned urls.

jimmone
  • 446
  • 1
  • 6
  • 15
  • Can I use this presigned url from the JS SDK on the client side? – John D. Dec 05 '19 at 16:37
  • Yes but that would not solve the problem of having secrets on the client. You should make an API to serve the presigned url. – jimmone Dec 05 '19 at 23:44
  • This is exactly what I ended up doing, but I couldn't find a way to inject the presigned URL into the SDK. So I'm using raw XmlHttpRequest with the presigned URL and it's working. Thanks for your advice. – John D. Dec 07 '19 at 06:39