meta: Improve aws-node example readme #4753

Merged
merged 6 commits into from
Jun 10, 2024
Changes from 4 commits
117 changes: 72 additions & 45 deletions examples/aws-nodejs/README.md
Expand Up @@ -8,42 +8,86 @@ Express.js). It uses presigned URL at the backend level.
It's assumed that you are familiar with AWS, at least, with the storage service
(S3) and users & policies (IAM).

These instructions are **not fit for production** but tightening the security is
These instructions are **not fit for production**, tightening the security is
out of the scope here.

### S3 Setup

- Create new S3 bucket in AWS (e.g. `aws-nodejs`).
- Add a bucket policy.

```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicAccess",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::aws-nodejs/*"
}
Assuming you’re trying to setup the user `MY-UPPY-USER` to put the uploaded
files to the bucket `MY-UPPY-BUCKET`, here’s how you can allow `MY-UPPY-USER` to
get STS Federated Token and upload files to `MY-UPPY-BUCKET`:

1. Set CORS settings on `MY-UPPY-BUCKET` bucket:

```json
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"PUT",
"HEAD",
"POST",
"DELETE"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [
"ETag",
"Location"
]
}
]
}
```
```

- Make the S3 bucket public.
- Add CORS configuration.
2. Add the following Policy to `MY-UPPY-BUCKET`:

```json
[
```json
{
"AllowedHeaders": ["*"],
"AllowedMethods": ["GET", "PUT", "HEAD", "POST", "DELETE"],
"AllowedOrigins": ["*"],
"ExposeHeaders": []
"Version": "2012-10-17",
"Statement": [
{
"Sid": "MyMultipartPolicyStatement1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::*:user/MY-UPPY-USER"
Contributor

I'm getting the following error on the AWS console:

Unsupported Wildcard In Principal: Wildcards (*, ?) are not supported with the principal key AWS. Replace the wildcard with a valid principal value. Learn more

Member

Going to merge this anyway because the current docs are also giving warnings and this is still an improvement. We can improve on this further later.

},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": "arn:aws:s3:::MY-UPPY-BUCKET/*"
}
]
}
]
```
```

3. Add the following Policy to `MY-UPPY-USER`:

(if you don’t want to enable signing on the client, you can skip this step)

```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "MyStsPolicyStatement1",
"Effect": "Allow",
"Action": [
"sts:GetFederationToken"
],
"Resource": [
"arn:aws:sts::*:federated-user/*"
]
}
]
}
```

### AWS Credentials
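
Review bot: In the bucket policy of step 2, the principal `arn:aws:iam::*:user/MY-UPPY-USER` has a wildcard in the account field, which the inline comment reports the AWS console rejecting with "Unsupported Wildcard In Principal". Use an explicit account placeholder instead, for example `arn:aws:iam::MY-ACCOUNT-ID:user/MY-UPPY-USER` (placeholder name), and tell readers to substitute their own account ID. Separately, the CORS block in step 1 keeps `"AllowedOrigins": ["*"]` together with `PUT`, `POST` and `DELETE`; since the README only says the instructions are not fit for production, it would help to name this setting and the `s3:PutObjectAcl` grant as the first things to narrow.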

Expand All @@ -55,21 +99,6 @@ You may use existing AWS credentials or create a new user in the IAM page.
[environment variables](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/loading-node-credentials-environment.html)
or a
[credentials file in `~/.aws/credentials`](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/setting-credentials-node.html).
- You will need at least `PutObject` and `PutObjectAcl` permissions.

```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": ["s3:PutObject", "s3:PutObjectAcl"],
"Resource": "arn:aws:s3:::aws-nodejs/*"
}
]
}
```

## Prerequisites
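
Review bot: With the `PutObject` and `PutObjectAcl` bullet and its IAM policy removed from the AWS Credentials section, nothing in this section tells the reader which permissions the credentials need. Add a sentence pointing back to the bucket policy in S3 Setup, which now grants `s3:PutObject`, `s3:PutObjectAcl`, `s3:ListMultipartUploadParts` and `s3:AbortMultipartUpload` to `MY-UPPY-USER`, and note that the only policy attached to the user itself is the optional `sts:GetFederationToken` one from step 3.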

Expand All @@ -83,7 +112,7 @@ Add a `.env` file to the root directory and define the S3 bucket name and port
variables like the example below:

```
COMPANION_AWS_BUCKET=aws-nodejs
COMPANION_AWS_BUCKET=MY-UPPY-BUCKET
COMPANION_AWS_REGION=…
COMPANION_AWS_KEY=…
COMPANION_AWS_SECRET=…
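
Review bot: `COMPANION_AWS_BUCKET=MY-UPPY-BUCKET` in the `.env` example reads as a value to copy, but S3 bucket names cannot contain uppercase letters, so a bucket with this name cannot be created. Say in the sentence above the block that `MY-UPPY-BUCKET` is a placeholder for the reader's own bucket name, or keep a valid lowercase sample such as the previous `aws-nodejs`. Because this file also holds `COMPANION_AWS_KEY` and `COMPANION_AWS_SECRET`, a short reminder to keep `.env` out of version control would fit here too.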
Expand All @@ -104,6 +133,4 @@ corepack yarn workspace @uppy-example/aws-nodejs start

Dashboard demo should now be available at http://localhost:8080.

You have also a Drag & Drop demo on http://localhost:8080/drag.

_Feel free to check how the demo works and feel free to open an issue._
104 changes: 0 additions & 104 deletions examples/aws-nodejs/public/drag.html

This file was deleted.