S3

Amazon Simple Storage Service

S3 is a cloud storage service. The basic storage units of Amazon S3 are objects which are organized into buckets. Each object is identified by a unique, user-assigned key. Objects and buckets can be managed using either the console provided by Amazon S3, programmatically using the AWS SDK, or with the Amazon S3 REST API. Requests to the API are authorized using an access control list associated with each object bucket. The service also supports versioning.

File Upload

In web applications, files can be uploaded directly from a user browser to S3, which avoids a unnecessary upload to the application server.

Some security measures must however be respected. The CORS policy of the S3 bucket into which the file is uploaded must be adapted to accept requests made from the web application. Here is an example of CORS configuration to accept requests made from localhost:3000 (for a development environment):

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>http://localhost:3000</AllowedOrigin>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <ExposeHeader>Location</ExposeHeader>
    <AllowedHeader>Content-Type</AllowedHeader>
    <AllowedHeader>x-amz-acl</AllowedHeader>
    <AllowedHeader>origin</AllowedHeader>
    <AllowedHeader>accept</AllowedHeader>
</CORSRule>
</CORSConfiguration>

In order to authenticate the uploader, the upload request also needs to be presigned with the S3 credentials of the user owning the upload bucket. See https://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html and https://adopted-ember-addons.github.io/ember-file-upload/docs/aws for more information about how to upload files using presigned urls.