How can I perform AWS S3 multipart uploads without sharing secret keys?

Time: 2021-11-01 02:17:43

I am developing an image sharing application in which I have to deal with a huge number of S3 image uploads. Currently, I am using S3 pre-signed URLs to upload images from mobile applications. The problem is that this method doesn't support multipart upload.

So I researched API Gateway and Lambda file uploads. Finally, I implemented a solution. Here the problem is that API Gateway has a content length limit of 10 MB and Lambda can only accept a JSON payload of max 6 MB.

I am using Node.js as the backend server. How can I perform S3 multipart uploads from the mobile application without sharing IAM secret keys?

I found another way of signing each multipart URL from the server. But there is no proper guide for implementation.

Can somebody give a proper answer?

NB: I don't want to give public write access to the S3 bucket and I am not using EC2 servers.
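
The approach the question mentions, signing each part's URL on the server, comes down to SigV4 query-string presigning of one `UploadPart` request per part; the Node.js code below is an added example, not code from the original post, and in a real backend the AWS SDK's presigner performs this step. The credentials, bucket, key and upload id are constructed placeholders, and `presignUploadPart` is a hypothetical helper name.

```javascript
const crypto = require("crypto");

const hmac = (key, data) => crypto.createHmac("sha256", key).update(data).digest();
const sha256Hex = (data) => crypto.createHash("sha256").update(data).digest("hex");
// RFC 3986 encoding as SigV4 requires (encodeURIComponent leaves !'()* unescaped).
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());

function presignUploadPart({ creds, region, bucket, key, uploadId, partNumber,
                             expiresSeconds = 300, now = new Date() }) {
  if (!Number.isInteger(partNumber) || partNumber < 1 || partNumber > 10000)
    throw new RangeError("S3 part numbers are 1..10000");
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ""); // e.g. 20211101T021743Z
  const day = amzDate.slice(0, 8);
  const scope = `${day}/${region}/s3/aws4_request`;
  const host = `${bucket}.s3.${region}.amazonaws.com`; // assumes a bucket name without dots
  const path = "/" + key.split("/").map(enc).join("/");
  const params = {
    "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
    "X-Amz-Credential": `${creds.accessKeyId}/${scope}`,
    "X-Amz-Date": amzDate,
    "X-Amz-Expires": String(expiresSeconds),
    "X-Amz-SignedHeaders": "host",
    partNumber: String(partNumber),
    uploadId,
  };
  if (creds.sessionToken) params["X-Amz-Security-Token"] = creds.sessionToken; // temporary credentials
  const query = Object.keys(params).sort()
    .map((k) => `${enc(k)}=${enc(params[k])}`).join("&");
  // The body is not signed, so the client can stream the bytes of this part.
  const canonical = ["PUT", path, query, `host:${host}\n`, "host", "UNSIGNED-PAYLOAD"].join("\n");
  const toSign = ["AWS4-HMAC-SHA256", amzDate, scope, sha256Hex(canonical)].join("\n");
  // Key derivation chain: date -> region -> service -> "aws4_request".
  let k = hmac("AWS4" + creds.secretAccessKey, day);
  for (const part of [region, "s3", "aws4_request"]) k = hmac(k, part);
  const signature = hmac(k, toSign).toString("hex");
  return `https://${host}${path}?${query}&X-Amz-Signature=${signature}`;
}

// Constructed sample values (not real credentials, bucket or upload id).
const SAMPLE = {
  creds: { accessKeyId: "AKIAEXAMPLEKEYID0000", secretAccessKey: "not-a-real-secret" },
  region: "us-east-1", bucket: "example-bucket",
  key: "uploads/user 1/photo.jpg", uploadId: "EXAMPLE.upload_id",
  now: new Date("2021-11-01T02:17:43Z"),
};
console.log(presignUploadPart({ ...SAMPLE, partNumber: 1 }));
```

The server obtains `uploadId` from `CreateMultipartUpload`, hands the client one URL per part, and calls `CompleteMultipartUpload` with the ETags the client reports back, so the secret key never leaves the server.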

1 solution

#1


2  

The proper answer in all likelihood involves using AWS Cognito to issue temporary credentials to each mobile device/user when they are needed, with only the minimum privileges they need - i.e. 'throw away' keys.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_cognito.html
