DEV Community

loading...

Discussion on: Angular With NodeJS Image Upload To AWS S3 - EASY!!

Collapse
ifavo profile image
Mario Micklisch

Did you really allow „Everyone“ to write to your S3 Bucket? You should use your AWS credentials as authorization, not allow everyone full access.

Collapse
devpato profile image
Pato Author • Edited

Yeah I did it on purpose.

1) AWS Allows public access to your s3, that's why that option exists, but you have to be careful depending on the app you are working on and what you want people to have access to. If you really care about security then yes, use authorization if you don't then authorization is irrelevant like in this tutorial.

2) I added an extra step just in case people care about having authorization when writing objects into the S3 bucket.

Collapse
ifavo profile image
Mario Micklisch

I think public write access should not be endorsed, especially when it’s unnecessary because you are authenticating in the backend. I fear some people will just follow the example without thinking about it.

Thread Thread
devpato profile image
Pato Author • Edited

Maybe I can do another tutorial that goes more in debt with security etc, but I want to keep this one as short as possible. As I mentioned at the beginning of the tutorial, if the requirements is to have have basic knowledge on NodeJS and AWS . I have erased those steps :) Thanks for the feedback

Thread Thread
ifavo profile image
Mario Micklisch

I think the article was otherwise great, looking forward for more :)

Thread Thread
devpato profile image
Pato Author

I appreciate your feedback. Feel free to let me know if you see anything else that looks sketch or wrong lol