I have never done this before. What I am trying to do is allow customers, who have already authenticated themselves on my own website, to upload files to an S3 bucket via a dashboard on my own website. Below is a breakdown of the process.
I am reading the SDK for PHP V3 documentation right now, which states, "[I] must establish how [my] code authenticates with AWS." I have read the suggested link, but it is still unclear to me which mode of authentication I should be using as Identity Providers
Should I be creating an IAM user and using its credentials? After doing some more reading, this seems like the most appropriate way to me (who is lacking experience and knowledge of this)... Is there another way that is recommended or a more secure way?
There are two ways to provide your application with AWS credentials.
If your application is running on an Amazon EC2 instance, then you should:
When your PHP app uses the AWS SDK for PHP, it will automatically retrieve temporary credentials that will be used to access AWS services such as Amazon S3.
If your application is running outside of AWS, you should instead create an IAM User with the desired permissions. You can then create security credentials for that IAM User, which will have an Access Key and a Secret Key (similar to a username and password). These credentials should then be stored on your computer by running the AWS CLI aws configure
command. This will store the credentials in a configuration file. When you PHP app uses the AWS SDK for PHP, it will automatically retrieve these credentials and use them when communicating with AWS.
It would also be wise to look at using Amazon S3 pre-signed URLs, which can be used to let end-users upload files to an S3 bucket. The bucket remains private, but the pre-signed URL will let them upload a file within a certain time period (eg 5 minutes). This could be another way of allowing them to upload files to your system.