top | item 19589335

Amazon S3: How can I secure uploads from a public page?

2 points| pankyj | 7 years ago

I have heard about buckets being open to the public and hacked. As a developer, I am building a public facing website where anyone can upload photos. I am using something called 'Identity pool' with access to unauthenticated identities.

I got a CognitoIdentityCredentials which I use to upload photos via js to the bucket. My bucket has origins set to my website domain and allows all requests for this. The images uploaded to this bucket are ACL: 'public-read'.

Is this configuration secure? If not, in what way can someone with malicious intent break my bucket / website or steal my bucket data.

1 comment

pankyj|7 years ago

Anyone?