Google Developer Expert | Auth0 Ambassador | Media Developer Expert at Cloudinary | Twilio Champ | Technical Coach at SpringBoard | Google Women Techmaker | Postman Supernova | AWS | Microsoft MVP
Did you really allow „Everyone“ to write to your S3 Bucket? You should use your AWS credentials as authorization, not allow everyone full access.
Yeah I did it on purpose.
1) AWS allows public access to your S3, that's why that option exists, but you have to be careful depending on the app you are working on and what you want people to have access to. If you really care about security then yes, use authorization; if you don't, then authorization is irrelevant, like in this tutorial.
2) I added an extra step just in case people care about having authorization when writing objects into the S3 bucket.
I think public write access should not be endorsed, especially when it’s unnecessary because you are authenticating in the backend. I fear some people will just follow the example without thinking about it.
Maybe I can do another tutorial that goes more in depth with security etc., but I want to keep this one as short as possible. As I mentioned at the beginning of the tutorial, the requirement is to have basic knowledge of NodeJS and AWS. I have erased those steps :) Thanks for the feedback
I think the article was otherwise great, looking forward to more :)
I appreciate your feedback. Feel free to let me know if you see anything else that looks sketch or wrong lol
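As an added example (not part of this thread or of the tutorial's code), the "Everyone" write grant discussed above can be detected from a bucket's ACL and policy documents, in the shapes returned by GetBucketAcl and GetBucketPolicy. The function names, sample ACL, sample policy and bucket name are constructed for illustration.

```javascript
// Flags S3 ACL grants and bucket-policy statements that let anyone write.
// Simplification: policy statements carrying a Condition are skipped here and
// need manual review; only s3:*, *, s3:Put* and s3:Delete* count as "write".
const PUBLIC_GROUPS = new Set([
  'http://acs.amazonaws.com/groups/global/AllUsers',           // "Everyone"
  'http://acs.amazonaws.com/groups/global/AuthenticatedUsers', // any AWS account
]);
const WRITE_PERMISSIONS = new Set(['WRITE', 'WRITE_ACP', 'FULL_CONTROL']);
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// ACL side: group grants to a public group with a write-type permission.
function publicWriteGrants(acl) {
  return asArray(acl.Grants).filter((g) =>
    g.Grantee && g.Grantee.Type === 'Group' &&
    PUBLIC_GROUPS.has(g.Grantee.URI) && WRITE_PERMISSIONS.has(g.Permission));
}

function isPublicPrincipal(p) {
  return p === '*' || Boolean(p && typeof p === 'object' && asArray(p.AWS).includes('*'));
}

function isWriteAction(action) {
  return /^(\*|s3:(\*|Put.*|Delete.*))$/i.test(action);
}

// Policy side: unconditional Allow statements for a wildcard principal.
function publicWriteStatements(policy) {
  return asArray(policy.Statement).filter((s) =>
    s.Effect === 'Allow' && !s.Condition &&
    isPublicPrincipal(s.Principal) && asArray(s.Action).some(isWriteAction));
}

// Constructed sample data: owner grant, public read, public write.
const ALL_USERS = 'http://acs.amazonaws.com/groups/global/AllUsers';
const sampleAcl = { Grants: [
  { Grantee: { Type: 'CanonicalUser', ID: 'owner-id-placeholder' }, Permission: 'FULL_CONTROL' },
  { Grantee: { Type: 'Group', URI: ALL_USERS }, Permission: 'READ' },
  { Grantee: { Type: 'Group', URI: ALL_USERS }, Permission: 'WRITE' },
]};
const samplePolicy = { Version: '2012-10-17', Statement: [
  { Effect: 'Allow', Principal: '*', Action: 's3:GetObject', Resource: 'arn:aws:s3:::example-bucket/*' },
  { Effect: 'Allow', Principal: { AWS: '*' }, Action: ['s3:PutObject'], Resource: 'arn:aws:s3:::example-bucket/*' },
]};

console.log('public write grants:', publicWriteGrants(sampleAcl).length);
console.log('public write statements:', publicWriteStatements(samplePolicy).length);
```

When uploads go through a backend that signs requests with its own credentials, both lists should come back empty for the upload bucket.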