AWS JS SDK API Call Protection

I have a website where I use the AWS S3 JS SDK to upload / remove images from a bucket of S3 servers. Currently, I transfer credentials in raw format only in a JS file that is not protected. And AWS suggests using federated web identity technology to protect it.

I read about them and asked a few queries.

1: Does this method mean that every user of my site who is going to use it to upload an image should check their logins?

2: There is something called pre-signed in the URLs. It also allows us to hide credentials.

But I am confused by what exactly should be done to achieve my goal, which is:

I do not want to show my end user credentials in the JS file. Also, I don’t want my end users to perform any type of authentication.

Is it possible and how?

+4
1 answer

You really have to use some identity federation to somehow authenticate your users and get a temporary access key / secret key for your user.

AWS , : AWS Cognito (http://aws.amazon.com/cognito/) Cognito Identity - , -, Facebook, Google, Amazon, OpenID Connect (SalesForce...) . , Cognito AWS. , Cognito ( 15 ).

, AWS Cognito Identity . Java .Net: http://mobile.awsblog.com/post/TxBVEDL5Z8JKAC/Use-Amazon-Cognito-in-your-website-for-simple-AWS-authentication

AWS Cognito Identity , / .

AWS Cognito , , ( Google, Facebook )

https://identity-demo.aws-emea.info - -, . - : - ( № 1), - ( №2) (JavaScript) AWS Cognito Authentication ( № 3)

: S3 URL: URL, / / S3. -. S3 URL , . , , URL S3. AWS SDK , URL.

, . , AWS Cognito, URL S3. , ( EC2, Amazon EC2)

0
