I need a way to access my S3 bucket without secret and access keys, specifically in ruby. language.
I have tried to initialize this ways3_obj = Aws::S3:Resource.new.
None of the methods is suitable for my condition, I don't even know if it's possible.
SDK to be used: aws-sdk-s3
Related
For example: example.com.s3-website-us-east-1.amazonaws.com?
How can I get this value programmatically via the SDK? I can't seem to find it:
link to docs: http://docs.aws.amazon.com/sdkforruby/api/Aws/S3.html
The value doesn't appear to be exposed by the S3 API, itself.
It is, however, easily derived from the bucket location, which is accessible via the S3 REST API, though it isn't obvious from skimming the docs whether this is implemented in the Ruby SDK, either, in spite of its presence in the underlying API. I didn't find it.
But the web site endpoints are always in this form:
${bucket}.s3-website-${region}.amazonaws.com
In us-east-1, as shown in the screen shot, the endpoint for a bucket named example.com fits this pattern, example.com.s3-website-us-east-1.amazonaws.com.
http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
I'm new to both node, fine uploader and aws.
i'm trying to use the examples to upload to S3, using the s3handler.js example.
at the top of the file you set up the serverPublicKey, which i understand, the serverSecretKey, which i understand, but there is also a variable for 'clientSecretKey', I don't understand what this variable needs to be? does it have some sort of relationship with the clientpublickey which is used in the frontend javascript? I can't see any explanation of what the 'clientSecretKey' is
When you provision credentials for your uploader, you should have two pairs of keys: server-side, and client-side. The client-side keys should be heavily restricted. Only the most necessary privileges should be assigned to this IAM role/user. The server-side keys can be associated with an administrative-level user, if you prefer. In other words, create a client-side role that is specific to the operations that must be performed client-side by Fine Uploader. You can re-use an existing administrative-level user for all server-side tasks.
I have an EC2 instance that runs Laravel 5.1. I am using an S3 bucket through Laravel's api:
AMAZON_KEY=key
AMAZON_SECRET=secret
AMAZON_REGION=us-west-2
AMAZON_S3_BUCKET=my_app_bucket
But I already set up a ROLE that enables this box to use that particular bucket. Why do I also need a key and a secret? From an analysis of the code, it looks like Laravel always demands a key and a secret, so it would seem that I have to actually create an IAM user account with key/secret and use that for s3 access instead of using roles, which is preferred. Is there a way around this, or is this just how Laravel S3 access works?
A fix to use IAM credentials for filesystem, queue, and email was merged a few days ago, so upgrading to Laravel v5.1.7 should do the trick.
https://github.com/laravel/framework/pull/9558
As can be seen in this question, the Java SDK has a method to retrieve the current user based on the request's credentials. Is there a way to do something similar using the Ruby SDK?
I've tried AWS::IAM.new(creds).access_keys[creds[:access_key_id]], but that returns a simple object that answers nil to user or user_name, and my user doesn't have the iam:ListUsers permission so I can't enumerate the users collection.
Basically I need that information because I want to generate a self-approving policy to be attached to some new resources, and I need to fetch the ARN that my configured access key is associated with. Any suggestions?
You can get the current user using the client class. If you are using version 1 of the AWS SDK for Ruby, the aws-sdk gem:
iam = AWS::IAM::Client.new
iam.get_user
If you prefer to use the new version 2 AWS SDK for Ruby, just change the root namespace from AWS to Aws:
iam = Aws::IAM::Client.new
iam.get_user
Amazon recently allowed S3 buckets to be enabled as websites. Using the aws-s3 gem or something similar, is there a way to programmatically determine whether a given bucket is enabled as a website or not?
Edit: In addition, if a bucket is indeed a website, how would you obtain the endpoint url?
You can use the REST api to access, and set that option
http://docs.amazonwebservices.com/AmazonS3/latest/API/index.html?RESTBucketPUTwebsite.html
in your case use "GET Bucket website"
Extra points:
The endpoint would be just the bucket URL : example-bucket.s3.amazon.com