Right now I am using the javascript SDK to access my s3 bucket and it works fine but I have hard-coded all my credentials in the javascript directly but in the SDK they are saying you can store these in the AWS.config object and I dont know how to do this. Also, the online resources are not informative so can someone please let me know how to do this or any other better way to do this instead of hard-coding the credentials?
<script type="text/javascript">
AWS.config.accessKeyId = 'dddddddddd';
AWS.config.secretAccessKey = 'rrrrrrrrrrrrrrrreeeeeeeeeeeeeeeeeeeee';
AWS.config.region = 'us-east-1';
// create the AWS.Request object
var bucket = new AWS.S3({ params: { Bucket: 'some.bucket' } });
bucket.listObjects(function (err, data) {
if (err) {
document.getElementById('status').innerHTML =
'Could not load objects from S3';
} else {
document.getElementById('status').innerHTML =
'Loaded ' + data.Contents.length + ' items from S3';
for (var i = 0; i < data.Contents.length; i++) {
document.getElementById('objects').innerHTML +=
'<li>' + data.Contents[i].Key + '</li>';
}
}
});
</script>
Right now I am using the javascript SDK to access my s3 bucket and it works fine but I have hard-coded all my credentials in the javascript directly but in the SDK they are saying you can store these in the AWS.config object and I dont know how to do this. Also, the online resources are not informative so can someone please let me know how to do this or any other better way to do this instead of hard-coding the credentials?
<script type="text/javascript">
AWS.config.accessKeyId = 'dddddddddd';
AWS.config.secretAccessKey = 'rrrrrrrrrrrrrrrreeeeeeeeeeeeeeeeeeeee';
AWS.config.region = 'us-east-1';
// create the AWS.Request object
var bucket = new AWS.S3({ params: { Bucket: 'some.bucket' } });
bucket.listObjects(function (err, data) {
if (err) {
document.getElementById('status').innerHTML =
'Could not load objects from S3';
} else {
document.getElementById('status').innerHTML =
'Loaded ' + data.Contents.length + ' items from S3';
for (var i = 0; i < data.Contents.length; i++) {
document.getElementById('objects').innerHTML +=
'<li>' + data.Contents[i].Key + '</li>';
}
}
});
</script>
-
For anyone still visiting this,
accessKeyIdandsecreteAccessKeyis deprecated. I chose to use this method: docs.aws.amazon./sdk-for-javascript/v2/developer-guide/… – Kevin Danikowski Commented Feb 27, 2018 at 3:59
3 Answers
Reset to default 1I think a better way is to store it in ~/.aws/credentials. You can do that by creating the file or using aws configure with the cli mand, answer the questions and it will generate this file:
[default]
aws_access_key_id = THEACCESSKEYHERE
aws_secret_access_key = THESECRETACCESSKEYHERE
and ~/.aws/config:
[default]
output = json (or whatever you prefer here)
region = us-east-1 (or whatever region you are using)
This works without having to manually add it for each mand or call to the AWS you require.
I believe this is not supported in the browser. The AWS Javascript SDK is fully supported on node.js.
Read this: http://docs.aws.amazon./AWSJavaScriptSDK/latest/AWS.html
It kind of makes sense, since nobody would want to expose private authentication/authorization information in public.
If you want to get fancy you could potentially pass the credentials using JSONP from another server (http://en.wikipedia/wiki/JSONP) and restrict access to certain clients using a firewall, but it can get kinda messy.
On a different note, why not expose the S3 bucket publicly for read access since the javascript on the browser is public anyways?
There is a way to achieve JS uploads in the browser without revealing your private credentials. It does however, require some server side logic.
See answer here: S3 upload directly in JavaScript