I have an S3 bucket and one Elastic Beanstalk express server on AWS.
There is a folder named data and there is another folder named images in that S3 bucket. In the data folder I have some strict data that I want to access only from the ELB express server.
In the images folder there are content images that I upload manually, and I want to access these images via my mobile app in an <Image /> tag by using some secret key. And even if I do not provide that secret key it should not be accessible.
Is there any way to do that? I am junior on AWS! :/
Yes, it took me some time, but I fixed that issue.
For the data folder I created an IAM user and role to connect to the S3 bucket from the ELB app and added some policies:

    {
      "Version": "2012-10-17",
      "Id": "Policy1528702071704",
      "Statement": [
        {
          "Sid": "Stmt1528702067249",
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::my-bucket-name/*"
        }
      ]
    }

Getting images from the mobile app by using a key was the hard one, because either I would need to make my bucket public or I would need to use the preSignedUrl feature from AWS. I followed the second way. I generated keys from the IAM user panel to access the S3 bucket by using those keys from the app. I decided to access and create the preSignedUrl in the ELB app, since I provide data from the ELB app to the mobile app. And I created this function:
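
    const AWS = require("aws-sdk"); // AWS SDK for JavaScript v2
    const s3 = new AWS.S3();

    // Returns a URL for images/pretty.jpg that stays valid for 5 minutes.
    const getImageURL = async () => {
      const params = {
        Bucket: "my-s3-bucket",
        Key: "images/pretty.jpg",
        Expires: 60 * 5, // lifetime in seconds
      };
      // getSignedUrl is callback-based, so wrap it in a Promise.
      const url = await new Promise((resolve, reject) => {
        s3.getSignedUrl("getObject", params, (err, url) => {
          err ? reject(err) : resolve(url);
        });
      });
      return url ?? 'some-public-image';
    };
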
I hope it helps someone else too.
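
A defensive check for the bucket policy above, as an added example that is not part of the original answer: it reports statements that allow unauthenticated s3:GetObject on keys under a prefix. The policy shown in the answer uses Principal "*" on my-bucket-name/*, so it is reported for both data/ and images/. The function names, scopedPolicy and its role ARN are constructed for illustration.

```javascript
// Added example. Simplification: a statement with any Condition is treated as
// not anonymous, and Deny / NotPrincipal / NotAction are not evaluated.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM-style wildcard match: "*" is any run of characters, "?" is one character.
const wildcardToRegExp = (pattern) =>
  new RegExp(
    "^" +
      pattern
        .replace(/[.+^${}()|[\]\\]/g, "\\$&")
        .replace(/\*/g, ".*")
        .replace(/\?/g, ".") +
      "$"
  );

const isAnonymous = (principal) =>
  principal === "*" ||
  (principal !== null && typeof principal === "object" &&
    asList(principal.AWS).includes("*"));

// Returns the Sids of Allow statements that let anyone GetObject under keyPrefix.
function findPublicReads(policy, bucket, keyPrefix) {
  const probeArn = `arn:aws:s3:::${bucket}/${keyPrefix}probe-object`;
  return asList(policy.Statement).filter((st) => {
    if (st.Effect !== "Allow" || st.Condition) return false;
    if (!isAnonymous(st.Principal)) return false;
    const allowsGet = asList(st.Action).some((a) =>
      wildcardToRegExp(a.toLowerCase()).test("s3:getobject"));
    const coversPrefix = asList(st.Resource).some((r) =>
      wildcardToRegExp(r).test(probeArn));
    return allowsGet && coversPrefix;
  }).map((st) => st.Sid || "(no Sid)");
}

// The statement from the answer above.
const postedPolicy = { Statement: [{ Sid: "Stmt1528702067249", Effect: "Allow",
  Principal: "*", Action: "s3:GetObject",
  Resource: "arn:aws:s3:::my-bucket-name/*" }] };

// Constructed comparison: one role (placeholder ARN), data/ prefix only.
const scopedPolicy = { Statement: [{ Sid: "DataFromAppRoleOnly", Effect: "Allow",
  Principal: { AWS: "arn:aws:iam::111122223333:role/example-app-role" },
  Action: "s3:GetObject", Resource: "arn:aws:s3:::my-bucket-name/data/*" }] };

console.log(findPublicReads(postedPolicy, "my-bucket-name", "data/"));
console.log(findPublicReads(scopedPolicy, "my-bucket-name", "data/"));
```

An empty result for a prefix means no unconditional anonymous read was found by this check; it does not evaluate IAM identity policies, ACLs or Block Public Access settings.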