diff --git a/examples/aws-nodejs/README.md b/examples/aws-nodejs/README.md index 6bc2f94b8..1fc8c7fb5 100644 --- a/examples/aws-nodejs/README.md +++ b/examples/aws-nodejs/README.md @@ -8,42 +8,67 @@ Express.js). It uses presigned URL at the backend level. It's assumed that you are familiar with AWS, at least, with the storage service (S3) and users & policies (IAM). -These instructions are **not fit for production** but tightening the security is +These instructions are **not fit for production**, tightening the security is out of the scope here. ### S3 Setup -- Create new S3 bucket in AWS (e.g. `aws-nodejs`). -- Add a bucket policy. +Assuming you’re trying to setup the user `MY-UPPY-USER` to put the uploaded +files to the bucket `MY-UPPY-BUCKET`, here’s how you can allow `MY-UPPY-USER` to +get STS Federated Token and upload files to `MY-UPPY-BUCKET`: - ```json - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "PublicAccess", - "Effect": "Allow", - "Principal": "*", - "Action": "s3:GetObject", - "Resource": "arn:aws:s3:::aws-nodejs/*" - } - ] - } - ``` +1. Set CORS settings on `MY-UPPY-BUCKET` bucket: -- Make the S3 bucket public. -- Add CORS configuration. + ```json + [ + { + "AllowedHeaders": ["*"], + "AllowedMethods": ["GET", "PUT", "HEAD", "POST", "DELETE"], + "AllowedOrigins": ["*"], + "ExposeHeaders": ["ETag", "Location"] + } + ] + ``` - ```json - [ - { - "AllowedHeaders": ["*"], - "AllowedMethods": ["GET", "PUT", "HEAD", "POST", "DELETE"], - "AllowedOrigins": ["*"], - "ExposeHeaders": [] - } - ] - ``` +2. Add the following Policy to `MY-UPPY-BUCKET`: + + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "MyMultipartPolicyStatement1", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::*:user/MY-UPPY-USER" + }, + "Action": [ + "s3:PutObject", + "s3:PutObjectAcl", + "s3:ListMultipartUploadParts", + "s3:AbortMultipartUpload" + ], + "Resource": "arn:aws:s3:::MY-UPPY-BUCKET/*" + } + ] + } + ``` + +3. Add the following Policy to `MY-UPPY-USER`: (if you don’t want to enable + signing on the client, you can skip this step) + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "MyStsPolicyStatement1", + "Effect": "Allow", + "Action": ["sts:GetFederationToken"], + "Resource": ["arn:aws:sts::*:federated-user/*"] + } + ] + } + ``` ### AWS Credentials @@ -55,21 +80,6 @@ You may use existing AWS credentials or create a new user in the IAM page. [environment variables](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/loading-node-credentials-environment.html) or a [credentials file in `~/.aws/credentials`](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/setting-credentials-node.html). -- You will need at least `PutObject` and `PutObjectAcl` permissions. - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": ["s3:PutObject", "s3:PutObjectAcl"], - "Resource": "arn:aws:s3:::aws-nodejs/*" - } - ] -} -``` ## Prerequisites @@ -83,7 +93,7 @@ Add a `.env` file to the root directory and define the S3 bucket name and port variables like the example below: ``` -COMPANION_AWS_BUCKET=aws-nodejs +COMPANION_AWS_BUCKET=MY-UPPY-BUCKET COMPANION_AWS_REGION=… COMPANION_AWS_KEY=… COMPANION_AWS_SECRET=… @@ -104,6 +114,4 @@ corepack yarn workspace @uppy-example/aws-nodejs start Dashboard demo should now be available at http://localhost:8080. -You have also a Drag & Drop demo on http://localhost:8080/drag. - _Feel free to check how the demo works and feel free to open an issue._ diff --git a/examples/aws-nodejs/public/drag.html b/examples/aws-nodejs/public/drag.html deleted file mode 100644 index 5d0e77927..000000000 --- a/examples/aws-nodejs/public/drag.html +++ /dev/null @@ -1,104 +0,0 @@ - - -
- -