S3 Posts

post

People nowadays are becoming more intelligent, so better to protect our application's content/data from those who are calling themself hackers.
One of the best examples is the data URLs from AWS buckets. it's not a good idea to store sensitive data into a public AWS Bucket, as the URL is accessible by the people.

Of Course, you can store profile avatars and others data to the public bucket's that not contains any confidential information. so that's fine. 
But when it's about confidential information like PAN CARD Details, AADHAR Card Details, Bank Informations we Must Recommend using AWS Protected Bucket.

In this tutorial, we are going to show that how we can prevent that kind of case, Or how we can integrate AWS Protected Bucket in our Laravel Application.
 
The following code will help you to generate a pre-signed AWS URL that will prevent our data, that URL is non guessable and it will expire within some minutes/hours specified by us.

So let's start with some code :

            $s3 = \Storage::disk(config('filesystems.s3_protected_disk'));
    $client = $s3->getDriver()->getAdapter()->getClient();
    $expiry = "+1 minutes";
    $command = $client->getCommand('GetObject', [
        'Bucket' => \Config::get('filesystems.disks. s3_protected_disk.bucket'),
        'Key'    => 'Path to your file',
    ]);
    $request = $client->createPresignedRequest($command, $expiry);
	    return (string) $request->getUri();

So here we have created an s3 instance and it's stored on the $s3 variable, we have specified the expiry time as 1 minute so the given URL for data will be expired within a minute.
Also, we have to specify the bucket name and path to our protected file to generate AWS pre-signed URL.

it will return the pre-signed URL and its looks like as the following URL.

             https://pre-signed.s3.au-west-2.amazonaws.com/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=xxxxxxxx%2F20180210%2Feu-west-2%2Fs3%2Faws4_request&X-Amz-Date=20210210T171315Z&X-Amz-Expires=60&X-Amz-Signature=xxxxxxxx&X-Amz-SignedHeaders=host

Hope this helps.


July 16, 20212 minutesauthorVishal Ribdiya