Data rescue efforts often require a method for posting large files to S3 buckets for sharing. This server allows users to post files up to 5GB in size to S3 without needing AWS credentials or knowing how to use the command-line.
I'm still investigating doing multipart uploads from the browser, which would allow files larger than 5GB. I'll update this repo as progress is made.
In order for this to work you'll need two settings on the S3 side to be properly configured:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
<CORSRule>
<AllowedOrigin>[app url]</AllowedOrigin>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
The second AllowedOrigin
should be the url of the server you're setting up, as described below. If, for example the app you posted was available at http://data-uploader.herokuapp.com
, you'd set the second CORSRule AllowedOrigin
to be that url, http://data-uploader.herokuapp.com
.
Posting this server to Heroku is the easiest way to get up & running publically. Make sure you have a free heroku account, and have installed the heroku CLI on your machine before starting.
heroku create [app-name]
.heroku config:set AWS_REGION=[bucket region] AWS_S3_BUCKET_NAME=[bucket name] AWS_ACCESS_KEY_ID=[access key] AWS_SECRET_ACCESS_KEY=[access secret]
git push heroku master
to push your code & start the server.http://[app-name].herokuapp.com
in your browser & test you're uploads.The server accepts configuration in two places, a config.json
file, and enviornment variables. Secrets such as the AWS_SECRET_ACCESS_KEY should always be set with enviornment variables.. If you're running this code locally it can be convenient to set these values in the config.json for testing purposes, but they should never be checked into the git repository.
To use burner credentials, first the EnableBurnerCredentials
configuration option must be true
in configuration. Additionally, the configured AWS account must be allowed to perform the sts:GetFederationToken
action. For more info, check the sample user policies.
This will open up an endpoint that you can issue GET requests to: /burner?object_name=example.zip&dir=example_directory&format=json
object_name
is the name of the file to upload. If the requested name is already in the bucket an untaken name will be returned.dir
param. If directories aren't specified this param will not be allowed.format=json
will return json of credentials only. If format
is left unspecified the returned format will be an HTML page with directions on how to use the credentials.