Angular With NodeJS Image Upload To AWS S3 - EASY!!

Pato on October 22, 2019

Have you always wondered how to upload an image in your Angular app to your S3 Bucket on Amazon? I'm going to teach you a very easy way to do it u...
 
Mario Micklisch

Did you really allow „Everyone“ to write to your S3 Bucket? You should use your AWS credentials as authorization, not allow everyone full access.

Pato • Edited

Yeah I did it on purpose.

1) AWS allows public access to your S3; that's why that option exists, but you have to be careful depending on the app you are working on and what you want people to have access to. If you really care about security then yes, use authorization; if you don't, then authorization is irrelevant, like in this tutorial.

2) I added an extra step just in case people care about having authorization when writing objects into the S3 bucket.

Mario Micklisch

I think public write access should not be endorsed, especially when it’s unnecessary because you are authenticating in the backend. I fear some people will just follow the example without thinking about it.

Pato • Edited

Maybe I can do another tutorial that goes more in depth with security etc., but I want to keep this one as short as possible. As I mentioned at the beginning of the tutorial, the requirement is to have basic knowledge of NodeJS and AWS. I have erased those steps :) Thanks for the feedback

Mario Micklisch

I think the article was otherwise great, looking forward to more :)

Pato

I appreciate your feedback. Feel free to let me know if you see anything else that looks sketch or wrong lol
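
The public-write concern raised in the comments above can be checked mechanically. The following is an added example, not code from the article or its repository: it inspects a bucket ACL (in the shape returned by S3 GetBucketAcl) and a bucket policy document for grants that let anyone write. The function names, sample ACL, sample policy and bucket name are constructed for illustration.

```javascript
// Added example. Input shapes follow the S3 GetBucketAcl response and bucket policy JSON.
const PUBLIC_GROUPS = new Set([
  'http://acs.amazonaws.com/groups/global/AllUsers',           // "Everyone"
  'http://acs.amazonaws.com/groups/global/AuthenticatedUsers', // any AWS account
]);
const WRITE_PERMISSIONS = new Set(['WRITE', 'WRITE_ACP', 'FULL_CONTROL']);
const asArray = (v) => (v === undefined || v === null ? [] : Array.isArray(v) ? v : [v]);

// ACL side: a group grant to a public group with a write-capable permission.
function publicWriteGrants(acl) {
  return asArray(acl && acl.Grants)
    .filter((g) => g.Grantee && g.Grantee.Type === 'Group' &&
      PUBLIC_GROUPS.has(g.Grantee.URI) && WRITE_PERMISSIONS.has(g.Permission))
    .map((g) => `ACL grants ${g.Permission} to ${g.Grantee.URI.split('/').pop()}`);
}

function isWildcardPrincipal(p) {
  if (p === '*') return true;
  return typeof p === 'object' && p !== null && asArray(p.AWS).includes('*');
}

// Simplification: matches *, s3:*, s3:Put... and s3:Delete... (case-insensitive).
function isWriteAction(action) {
  const a = String(action).toLowerCase();
  return a === '*' || a === 's3:*' || a.startsWith('s3:put') || a.startsWith('s3:delete');
}

// Policy side: Allow + wildcard principal + write action. Conditions are not
// evaluated, so a conditioned statement is still reported for manual review.
function publicWriteStatements(policy) {
  return asArray(policy && policy.Statement)
    .filter((s) => s.Effect === 'Allow' && isWildcardPrincipal(s.Principal) &&
      asArray(s.Action).some(isWriteAction))
    .map((s) => `Policy statement ${s.Sid || '(no Sid)'} allows writes by any principal`);
}

const auditBucket = (acl, policy) =>
  [...publicWriteGrants(acl), ...publicWriteStatements(policy)];

// Constructed sample data, not taken from the tutorial's bucket.
const sampleAcl = { Grants: [
  { Grantee: { Type: 'CanonicalUser', ID: 'owner-id-placeholder' }, Permission: 'FULL_CONTROL' },
  { Grantee: { Type: 'Group', URI: 'http://acs.amazonaws.com/groups/global/AllUsers' }, Permission: 'WRITE' },
] };
const samplePolicy = { Version: '2012-10-17', Statement: [
  { Sid: 'PublicRead', Effect: 'Allow', Principal: '*', Action: 's3:GetObject', Resource: 'arn:aws:s3:::example-bucket/*' },
  { Sid: 'OpenUpload', Effect: 'Allow', Principal: { AWS: '*' }, Action: ['s3:PutObject'], Resource: 'arn:aws:s3:::example-bucket/*' },
] };
console.log(auditBucket(sampleAcl, samplePolicy));
```

An empty result means neither the ACL nor the policy was found to grant writes to a public group or wildcard principal; the owner's own FULL_CONTROL grant and the public read statement are not reported.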

Dennis Du Krøger • Edited

This is one huge security trap. Using root security credentials, completely open buckets, cloning random services, then giving them access to those root credentials.

Stay well clear.

Pato • Edited

Thanks for the feedback, I have erased those steps, but just to clarify, you are making it seem with your word "trap" like I want to trick them for me to steal their credentials, which is not true. FYI, they are not cloning any random service. They are cloning the repo with the structure of the project so they don't have to do it themselves, since I assume they already know some NodeJS and Angular, as I specified in the beginning of the tutorial that it was a requirement.

Dennis Du Krøger

It was maybe worded a bit harsh, sorry. Thanks for fixing it.

Dennis Du Krøger

Hmmm, looking closer, it's still using root credentials. You really should at least put a big "never ever, ever do this, use roles" warning in there (or better, show the steps).

Pato

I'm gonna add that to the note I have at the top "...without getting in depth in IAM and other security stuff that will make this tutorial even longer. If you want to learn more about that, please do some extra research." Thanks for the feedback

Adam

Perfect timing according to my task list. Thank you for this article!

rami

Does it work for Linode storage, which is compatible with AWS S3?

rami

How to do that for multi file upload?