4

Right now I am using the JavaScript SDK to access my S3 bucket and it works fine, but I have hard-coded all my credentials in the JavaScript directly. In the SDK they are saying you can store these in the AWS.config object, and I don't know how to do this. Also, the online resources are not informative, so can someone please let me know how to do this, or any other better way to do this instead of hard-coding the credentials?

    <script type="text/javascript">
        AWS.config.accessKeyId = 'dddddddddd';
        AWS.config.secretAccessKey = 'rrrrrrrrrrrrrrrreeeeeeeeeeeeeeeeeeeee';
        AWS.config.region = 'us-east-1';

        // create the S3 service object bound to the bucket
        var bucket = new AWS.S3({ params: { Bucket: 'some.bucket' } });
        bucket.listObjects(function (err, data) {
            if (err) {
                document.getElementById('status').innerHTML =
                  'Could not load objects from S3';
            } else {
                document.getElementById('status').innerHTML =
                  'Loaded ' + data.Contents.length + ' items from S3';
                var list = document.getElementById('objects');
                for (var i = 0; i < data.Contents.length; i++) {
                    // object keys are untrusted input: insert them as text, not HTML
                    var li = document.createElement('li');
                    li.textContent = data.Contents[i].Key;
                    list.appendChild(li);
                }
            }
        });
    </script>
1

3 Answers

1

I think a better way is to store it in ~/.aws/credentials. You can do that by creating the file or by running aws configure with the CLI; answer the questions and it will generate this file:

    [default]
    aws_access_key_id = THEACCESSKEYHERE
    aws_secret_access_key = THESECRETACCESSKEYHERE

and ~/.aws/config:

    [default]
    # or whatever output format you prefer here
    output = json
    # or whatever region you are using
    region = us-east-1

This works without having to manually add it for each command or call to the AWS you require.


2 Comments

What do you put in the javascript to have it load them from the .aws/credentials file?
@Dtor console.log(process.env.aws_secret_access_key)
0

I believe this is not supported in the browser. The AWS JavaScript SDK is fully supported on Node.js.

Read this: http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS.html

It kind of makes sense, since nobody would want to expose private authentication/authorization information in public.

If you want to get fancy you could potentially pass the credentials using JSONP from another server (http://en.wikipedia.org/wiki/JSONP) and restrict access to certain clients using a firewall, but it can get kinda messy.


On a different note, why not expose the S3 bucket publicly for read access since the javascript on the browser is public anyways?

1 Comment

Doesn't AWS contain a lot of public authentication/authorization information anyway? (see Cognito SDK examples). My understanding, correct me if I'm wrong, is that authorization can be on a per-identity basis, and session keys are generated for logins that are attached to IAM roles, and that the system is "secure enough" because these keys are passed over HTTPS, locked to the domain, and expired. And also.. perfect forward secrecy can be switched on. So the identity-access-keys can come from an Identity Pool login, and do not have to be actual admin-access-keys to the bucket. Make sense?
0

There is a way to achieve JS uploads in the browser without revealing your private credentials. It does, however, require some server-side logic.

See answer here: S3 upload directly in JavaScript
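
The server-side logic mentioned in this answer can be a small endpoint that hands the browser a short-lived presigned URL, so the secret key never reaches the page. The sketch below is an added example, not code from the original thread or from the AWS SDK: it implements SigV4 query-string presigning for a single S3 GET with Node's crypto module, and `presignGetUrl`, the bucket, the object key and the credential values are constructed for illustration.

```javascript
const crypto = require('crypto');

const hmac = (key, msg) => crypto.createHmac('sha256', key).update(msg, 'utf8').digest();
const sha256Hex = (msg) => crypto.createHash('sha256').update(msg, 'utf8').digest('hex');
// RFC 3986 encoding as SigV4 requires (encodeURIComponent leaves !'()* unescaped).
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Returns a time-limited URL for GET on one object; the secret stays on the server.
function presignGetUrl({ accessKeyId, secretAccessKey, region, bucket, key, expires, now }) {
  // Short lifetimes limit what a leaked URL is worth; SigV4 allows at most 7 days.
  if (!Number.isInteger(expires) || expires < 1 || expires > 604800) {
    throw new RangeError('expires must be 1..604800 seconds');
  }
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // e.g. 20240101T000000Z
  const day = amzDate.slice(0, 8);
  const scope = `${day}/${region}/s3/aws4_request`;
  const host = `${bucket}.s3.${region}.amazonaws.com`;
  const path = '/' + key.split('/').map(enc).join('/');
  // Parameter names are listed in the sorted order the canonical request needs.
  const query = [
    ['X-Amz-Algorithm', 'AWS4-HMAC-SHA256'],
    ['X-Amz-Credential', `${accessKeyId}/${scope}`],
    ['X-Amz-Date', amzDate],
    ['X-Amz-Expires', String(expires)],
    ['X-Amz-SignedHeaders', 'host'],
  ].map(([k, v]) => `${enc(k)}=${enc(v)}`).join('&');
  const canonicalRequest =
    ['GET', path, query, `host:${host}`, '', 'host', 'UNSIGNED-PAYLOAD'].join('\n');
  const stringToSign =
    ['AWS4-HMAC-SHA256', amzDate, scope, sha256Hex(canonicalRequest)].join('\n');
  // Derive the signing key: secret -> day -> region -> service -> "aws4_request".
  const signingKey = [day, region, 's3', 'aws4_request'].reduce(hmac, 'AWS4' + secretAccessKey);
  const signature = hmac(signingKey, stringToSign).toString('hex');
  return `https://${host}${path}?${query}&X-Amz-Signature=${signature}`;
}

// Constructed sample values; a real server takes the keys from its own environment or role.
const sample = presignGetUrl({
  accessKeyId: 'AKIDEXAMPLE', secretAccessKey: 'constructed-secret',
  region: 'us-east-1', bucket: 'example-bucket', key: 'reports/q1 summary.pdf',
  expires: 300, now: new Date(Date.UTC(2024, 0, 1)),
});
console.log(sample);
```

The URL carries the access key id and a signature scoped to one object, one method and one expiry window, so the IAM identity behind it should itself be limited to the objects the page is meant to read.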
