node.jstypescriptamazon-web-servicesamazon-s3pre-signed-url

S3 presigned url access denied


I have this code:

import { S3Client, PutObjectCommand } from '@aws-sdk/client-s3'
import { getSignedUrl } from '@aws-sdk/s3-request-presigner'
import { Constants } from './constants'

const config = {
  region: Constants.BUCKET_REGION,
  credentials: {
    accessKeyId: Constants.BUCKET_ACCESS_KEY_ID,
    secretAccessKey: Constants.SECRET_ACCESS_KEY
  }
}

const s3 = new S3Client(config)

const generateS3UploadUrl = async (key: string): Promise<string> => {
  const command = new PutObjectCommand({
    Bucket: process.env.BUCKET_NAME,
    Key: key,
    ContentType: 'image/jpeg'
  })

  const url = await getSignedUrl(s3, command, { expiresIn: 3600 })
  return url
}

export { generateS3UploadUrl }

I can generate presigned urls successfully, but when i try to use them i can't, i get "Access Denied". My bucket configuration it's default.

I don't care if the bucket is public, i want to be able to store and get the files using presigned urls


Solution

  • I solved it disabling the Public Access Block in permissions and using this bucket policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": "*",
                "Action": [
                    "s3:GetObject",
                    "s3:PutObject"
                ],
                "Resource": "arn:aws:s3:::bucket-name/*"
            }
        ]
    }