Comments (16)
john-aws
commented on July 23, 2024
2
While not a complete solution, a short-term workaround for this request might be to make the bucket public but restrict access to whitelisted IPs, as follows in an S3 bucket policy:
"Condition": {
"IpAddress": {
"aws:SourceIp": "1.2.3.4/32"
}
}
from aws-js-s3-explorer.
jflasher
commented on July 23, 2024
@vaulstein can you explain a bit more the use case you have in mind?
from aws-js-s3-explorer.
vaulstein
commented on July 23, 2024
In case one does not want to make a bucket public, but wants to view the
contents or provide a restricted access to certain users.
For example, I was trying to deploy the index.html on an elasticbeanstalk
environment. I can control access to the elasticbeanstalk app url. But
without the contents being public I cannot view the contents of the s3
bucket.
The AWS Javascript sdk also does seem to help with such a deployment.
Is there a way to access the s3 bucket contents with such a configuration?
Having a node clone of this and using the node AWS sdk?
…On Tue 6 Mar, 2018, 7:43 PM Joe Flasher, ***@***.***> wrote:
@vaulstein <https://github.com/vaulstein> can you explain a bit more the
use case you have in mind?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#11 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AGY2J3RJDJc217zOQksjJG3Vg0qWwGwVks5tbplxgaJpZM4SeiGd>
.
from aws-js-s3-explorer.
vaulstein
commented on July 23, 2024
@jflasher I tried using Cognito to achieve the above requirement as done on this link - Cognito for S3 Access, but I still receive a Forbidden response.
from aws-js-s3-explorer.
john-aws
commented on July 23, 2024
Hi, we're looking at some options to provide a variant that includes authentication using AWS credentials.
from aws-js-s3-explorer.
vaulstein
commented on July 23, 2024
That would be so great! Thanks.
…On Fri 9 Mar, 2018, 8:42 PM john, ***@***.***> wrote:
Hi, we're looking at some options to provide a variant that includes
authentication using AWS credentials.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#11 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AGY2J5sw3HcJboZWffVT_VPFXbKvTkzwks5tcpvdgaJpZM4SeiGd>
.
from aws-js-s3-explorer.
davereinhart
commented on July 23, 2024
I would still like to see a version that uses makeRequest instead of makeUnauthenticatedRequest if possible, to use non-public buckets. I'm hoping to use the Condition operator for a StringLike argument to restrict access to a specific subfolder within a bucket. It doesn't look like it's possible to combine two different condition operators, so I can't use IpAddress and StringLike together. If that's something you can add or help me implement, I'd really appreciate it!
from aws-js-s3-explorer.
john-aws
commented on July 23, 2024
@geomapdev Apologies for the late response. Could you implement what you need as follows?
-
have the user always visit https://s3.amazonaws.com/mybucket/index.html#myfolder/ rather than https://s3.amazonaws.com/mybucket/index.html
-
implement the following S3 bucket policy for mybucket (replace mybucket, myfolder, and 1.2.3.4/32 as appropriate):
{
"Version": "2012-10-17",
"Id": "prefixpolicy",
"Statement": [
{
"Sid": "index",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::mybucket/index.html"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": "1.2.3.4/32"
}
}
},
{
"Sid": "prefixlist",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:List*",
"Resource": [
"arn:aws:s3:::mybucket",
"arn:aws:s3:::mybucket/*"
],
"Condition": {
"StringLike": {
"s3:prefix": "myfolder/*"
},
"IpAddress": {
"aws:SourceIp": "1.2.3.4/32"
}
}
},
{
"Sid": "prefixobjects",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:Get*",
"Resource": [
"arn:aws:s3:::mybucket/myfolder",
"arn:aws:s3:::mybucket/myfolder/*"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": "1.2.3.4/32"
}
}
}
]
}
Without modifications to the code, the user would still see the breadcrumb for the top-level folder and could click it but the user would not be able to navigate to it and instead would see Access Denied.
This could potentially be extended to multiple unauthenticated users accessing different folders in the same bucket if you can differentiate them by source IP.
Anyhow, hope this gives you some ideas.
from aws-js-s3-explorer.
john-aws
commented on July 23, 2024
@vaulstein Hi, I have uploaded an alpha of version 2 of S3 Explorer that can be used with private S3 buckets.
This version is optimized for private buckets, so always asks you for bucket name and credentials when loading, but it can also be used for public S3 buckets. You can host this tool in any S3 bucket you like and use it to explore any other bucket(s) (assuming that you have appropriate CORS settings on the chosen target bucket and your IAM credentials have sufficient S3 permissions).
Note some of the key features of this v2 alpha:
- support for private buckets
- support for file uploads
- support for file deletion
If you choose to explore a private S3 bucket then you will need to supply AWS credentials. Credentials can be provided in one of the following forms:
- IAM credentials: access key ID and secret access key
- IAM credentials with MFA: access key ID, secret access key, and authentication code from an MFA device
- STS credentials: access key ID, secret access key, and session token
from aws-js-s3-explorer.
john-aws
commented on July 23, 2024
@geomapdev Please note availability of an alpha of version 2 of S3 Explorer, supporting authentication for private S3 buckets.
from aws-js-s3-explorer.
Pongchaiwat
commented on July 23, 2024
Hi, John
I try your file but I have some question. I need to put html, js, css in the bucket right?
from aws-js-s3-explorer.
john-aws
commented on July 23, 2024
@Pongchaiwat Correct, you'll need all 3 files (HTML, CSS, and JS) in the same S3 bucket (they should all be publicly readable, but you can also configure an IP whitelist in your S3 bucket policy if desired).
Note that you could choose to create a single HTML that contained all 3 files inline if you wanted for ease of distribution, but we chose to separate them for v2 because the file sizes were getting large.
from aws-js-s3-explorer.
Pongchaiwat
commented on July 23, 2024
I try it but it show error like this.
from aws-js-s3-explorer.
john-aws
commented on July 23, 2024
@Pongchaiwat Please ensure that your target S3 bucket (test-test-0001) has the correct CORS configuration, especially the AllowedOrigin. You have a few options when it comes to AllowedOrigin.
- To allow cross-origin requests from a web page at https://bucket1.s3.amazonaws.com/index.html to bucket2, supply the following CORS configuration in the S3 bucket policy on bucket2:
<AllowedOrigin>https://bucket1.s3.amazonaws.com</AllowedOrigin>- Access your web page at https://s3.amazonaws.com/bucket1/index.html (path style URL) instead of https://bucket1.s3.amazonaws.com/index.html (virtual-hosted style URL) and supply the following CORS configuration in the S3 bucket policy on bucket2:
<AllowedOrigin>https://s3.amazonaws.com</AllowedOrigin>- One final option you have is to allow all remote origins, as follows, if appropriate:
<AllowedOrigin>*</AllowedOrigin>from aws-js-s3-explorer.
Pongchaiwat
commented on July 23, 2024
I try to use private s3 bucket.
from aws-js-s3-explorer.
john-aws
commented on July 23, 2024
@Pongchaiwat I've created #27 to track this issue with signature v4 regions.
from aws-js-s3-explorer.
Related Issues (20)
- cors policy in README doesn't work HOT 3
- README.md CORS config typo (v2-alpha) HOT 2
- Unable to open explorer with cloud front HOT 1
- Question: Hiding specific folders from view. HOT 1
- Feature Request - Add AD login HOT 2
- Network Failure
- Question: is there a way to specify service endpoint (endpoint URL)? HOT 5
- S3 local connection HOT 2
- AWS SSO/SAML Integration HOT 3
- Question: promptForBucketInput HOT 5
- Cors Issue
- Unable to list S3 object HOT 3
- django app based on your project HOT 2
- xss injection HOT 2
- Dependencies out of date
- Error accessing S3 bucket test-browse. Error: NetworkingError: Network Failure HOT 3
- Support storage backends other than S3 HOT 1
- Upload Speed HOT 3
- Method for CNAME creation HOT 1
- JSON CORS config in README HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-js-s3-explorer.