Signed url failed with s3 bucket

Hi all:
I am using S3 for some of my private files, which I only want to show to certain users of my site.
So I found this [Securing S3 Downloads with Query String Request Authentication Alternative] and, following ffxsam’s suggestion, I used peerlibrary:aws-sdk to generate the signed URL as follows:

```js
Meteor.methods({
  'awsGetSignedUrl': function (filePath) {
    if (!filePath) return;
    filePath = filePath.substr(1);
    const s3 = new AWS.S3();
    let url;
    url = s3.getSignedUrlSync('getObject', {
      Bucket: Meteor.settings.AWS.bucket,
      Key: `${filePath}`,
      Expires: 
    });
    return {url};
  }
});
```

Now my bucket policy is like this

```json
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "Deny file access to file and pdf",
			"Effect": "Deny",
			"Principal": {
				"AWS": "*"
			},
			"Action": "s3:GetObject",
			"Resource": [
				"arn:aws:s3:::[mybucket]/pdf/*",
				"arn:aws:s3:::[mybucket]/file/*"
			]
		},
		{
			"Sid": "Allow myself access to files",
			"Effect": "Allow",
			"Principal": {
				"AWS": [
					"arn:aws:iam::[myarn]"
				]
			},
			"Action": "s3:GetObject",
			"Resource": [
				"arn:aws:s3:::[mybucket]/pdf/*",
				"arn:aws:s3:::[mybucket]/file/*"
			]
		}
	]
}
```

I denied access to these two folders and allowed it for the specified user, and for the ARN user I attached the fullS3access policy.
Now I still get this:

AccessDenied Access Denied 9CD9753317624412 2H+jG/TS96sFfflyA4o52mi6yz4sfVBeaHA455yA5IMGcTY9NwWk5Okh/Lbt70uSJn0vdEUQqGQ=

Can anyone help me with this?
Signed URL and S3 bucket policy: how should they work together?


If anyone bumps into the same problem, I just solved this.
The signed URL is a good way to make this work; just use this policy in your S3 bucket on a specific folder:
```json
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "Allow myself access to files",
			"Effect": "Deny",
			"NotPrincipal": {
				"AWS": [
					"arn:aws:iam::[myarn]"
				]
			},
			"Action": "s3:GetObject",
			"Resource": [
				"arn:aws:s3:::[mybucket]/pdf/*",
				"arn:aws:s3:::[mybucket]/file/*"
			]
		}
	]
}
```
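
Why the first policy in this thread returns AccessDenied for a signed URL while the second one lets it through, as an added example (not code from either poster and not AWS's own evaluator): a simplified model showing that an explicit Deny matching the signing principal overrides any Allow. The ARN, bucket name, object key and the `evaluate` helper are constructed for illustration, and the model assumes a same-account caller and exact-match principals.

```javascript
// Simplified model of S3 authorization for a single request (added example).
// Assumptions: same-account caller, exact-match principals, trailing-* resources only.
const SIGNER = 'arn:aws:iam::111122223333:user/signer'; // constructed placeholder ARN
const RES = ['arn:aws:s3:::mybucket/pdf/*', 'arn:aws:s3:::mybucket/file/*'];

// First policy from the thread: Deny for "*" plus Allow for the signer.
const denyAllPolicy = { Statement: [
  { Effect: 'Deny', Principal: { AWS: '*' }, Action: 's3:GetObject', Resource: RES },
  { Effect: 'Allow', Principal: { AWS: [SIGNER] }, Action: 's3:GetObject', Resource: RES },
] };
// Second policy from the thread: Deny for everyone except the signer.
const notPrincipalPolicy = { Statement: [
  { Effect: 'Deny', NotPrincipal: { AWS: [SIGNER] }, Action: 's3:GetObject', Resource: RES },
] };

const asList = (v) => (Array.isArray(v) ? v : [v]);
const resourceMatches = (pattern, arn) =>
  pattern.endsWith('*') ? arn.startsWith(pattern.slice(0, -1)) : pattern === arn;

function statementApplies(st, req) {
  if (!asList(st.Action).includes(req.action)) return false;
  if (!asList(st.Resource).some((p) => resourceMatches(p, req.resource))) return false;
  if (st.NotPrincipal) return !asList(st.NotPrincipal.AWS).includes(req.principal);
  const listed = asList(st.Principal.AWS);
  return listed.includes('*') || listed.includes(req.principal);
}

// identityAllows: whether the caller's own IAM policy grants the action
// (true for the signer in the thread, who has full S3 access attached).
function evaluate(policy, req, identityAllows) {
  const hits = policy.Statement.filter((st) => statementApplies(st, req));
  if (hits.some((st) => st.Effect === 'Deny')) return 'DENY (explicit)';
  if (identityAllows || hits.some((st) => st.Effect === 'Allow')) return 'ALLOW';
  return 'DENY (implicit)';
}

// A presigned URL is authorized as the principal whose credentials signed it;
// a request without a signature is anonymous.
const object = 'arn:aws:s3:::mybucket/pdf/report.pdf'; // constructed object ARN
const signed = { principal: SIGNER, action: 's3:GetObject', resource: object };
const anonymous = { principal: 'anonymous', action: 's3:GetObject', resource: object };

console.log('first policy, signed URL :', evaluate(denyAllPolicy, signed, true));
console.log('second policy, signed URL:', evaluate(notPrincipalPolicy, signed, true));
console.log('second policy, anonymous :', evaluate(notPrincipalPolicy, anonymous, false));
```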

How did your CORS and bucket private content end up looking, man? Can you share it?