qoomon / aws-s3-bucket-browser

Single page application to browse AWS S3 bucket content
https://qoomon.github.io/aws-s3-bucket-browser/index.html?bucket=https://s3.amazonaws.com/spacenet-dataset#
MIT License

Bucket has to be public in order to work with s3-bucket-browser? #37

Closed Dhyanesh97 closed 2 years ago

Dhyanesh97 commented 2 years ago

Bucket has to be public in order to work with s3-bucket-browser?

I have added CORS Configuration and bucket policy. But anyone can download files within the bucket programmatically.

Use case: Implemented s3-static-website + CloudFront with Lambda@Edge + AWS Cognito. The CloudFront URL is authenticated with Cognito to show the static website.

Even though we have enabled authentication at browser level for the static website, files can be accessed programmatically from anywhere.

Could you please suggest a way how we can restrict the same?

qoomon commented 2 years ago

Currently there is no support for private buckets.

karanaizen commented 2 years ago

Thank you for this project, it is brilliant.

I was able to get this working with a private S3 bucket sitting behind CloudFront + WAF with an IP block rule to only allow certain IP addresses.

In the index.html, adding the CloudFront URL value to the bucketURL worked:

bucketUrl: 'https://<something>.cloudfront.net'

Of course I had to make other changes as described in the readme. Thank you for this project.

qoomon commented 2 years ago

Glad to hear that.

tcarrondo commented 2 years ago

@karanaizen can you elaborate on your solution for serving private buckets?

karanaizen commented 2 years ago

Hey @tcarrondo

I added notes on how to fix this above: in short I used CloudFront + AWS WAF. The WAF is used to only allow access to CloudFront via allowed IPs.

In the index.html, add the CloudFront URL value to the bucketURL.

bucketUrl: 'https://<something>.cloudfront.net'

x3LPh0r commented 9 months ago

@karanaizen I have been struggling getting bucket browser to work with a private bucket using OAC with cloudfront. I have tried the url utilizing the cloudfront url as you mentioned previously, as well as other links but it never works. Using the cloudfront url the page loads but objects from the bucket don't and I get the error:

Bucket URL https://********.cloudfront.net is not a valid bucket API URL, response does not contain <'ListBucketResult'><'Delimiter'> tag.

(which is line 432 in the index.)

The only way I have been able to get cf to work with bucket browser is making it public not using OAC, configuring s3 as a static website and using the website endpoint in cf and making the bucket public (which I'm trying to avoid).

Are you able to elaborate more on how you got a private bucket working with cloudfront? Share any file(s) or more configuration information? Not sure what I'd be missing as everything doesn't seem to work. I also tried the solution someone else mentioned using a cloudfront function which didn't seem to work either. Thank you.

karanaizen commented 9 months ago

Howdy @x3LPh0r,

The way I got this working with a private S3 bucket was:

1. Keep bucket private.
2. Use CloudFront.
3. Use a WAF as well. (WAF has a simple ACL to only allow a few IP addresses.)

I'm uploading some of the config (S3 + CDN) I have used in case it helps.

The only change that has been made to the index.html file is in the <head> section, to update the bucket URL to the CloudFront URL, like bucketUrl: 'https://********.cloudfront.net'

[Images: s3_settings_upload1, CDN_Settings_upload, CDN_Settings_upload]

If you still have issues, another solution that you could do is make the bucket Public but protect it via a WAF with a fixed IP set.

Hope this helps
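
The concern that opens this thread (a bucket policy that lets anyone fetch objects, whatever authentication sits in front of the web page) can be checked offline against the bucket policy document itself. The following is an added example, not code from this thread or from the project; the three sample policies, the bucket name, account id and distribution id are constructed placeholders, and the check covers only the bucket policy, not ACLs, Block Public Access settings or the CloudFront/WAF configuration.

```python
import fnmatch
import json

# Actions a bucket browser needs: fetch objects and list keys.
READ_ACTIONS = ("s3:GetObject", "s3:ListBucket")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    # "*" and {"AWS": "*"} both mean "anyone, including unauthenticated callers".
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def _grants(patterns, action):
    # Action names are case-insensitive and may contain "*" wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def audit_bucket_policy(policy_json):
    """Return (sid, level, actions) for Allow statements open to any principal.
    level: "public" = no Condition; "conditional" = a Condition (e.g. aws:SourceIp)
    narrows the grant and needs review. NotPrincipal/NotAction are not evaluated."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_wildcard_principal(stmt.get("Principal")):
            continue
        exposed = [a for a in READ_ACTIONS if _grants(_as_list(stmt.get("Action", [])), a)]
        if exposed:
            level = "conditional" if stmt.get("Condition") else "public"
            findings.append((stmt.get("Sid", "<no Sid>"), level, exposed))
    return findings

# Constructed sample policies (bucket name, account id and distribution id are placeholders).
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]})
IP_LIMITED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:Get*",
    "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}})
CLOUDFRONT_ONLY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "CloudFrontRead", "Effect": "Allow",
     "Principal": {"Service": "cloudfront.amazonaws.com"}, "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"AWS:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EXAMPLE"}}}]})

if __name__ == "__main__":
    print([audit_bucket_policy(p) for p in (PUBLIC_POLICY, IP_LIMITED_POLICY, CLOUDFRONT_ONLY_POLICY)])
```

A "public" finding means objects stay reachable directly from the S3 endpoint regardless of what fronts the site; an empty result for the CloudFront-only policy means the bucket policy grants nothing to anonymous callers.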