Security News
JSR Working Group Kicks Off with Ambitious Roadmap and Plans for Open Governance
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
@aws-sdk/s3-presigned-post
Advanced tools
[![NPM version](https://img.shields.io/npm/v/@aws-sdk/s3-presigned-post/latest.svg)](https://www.npmjs.com/package/@aws-sdk/s3-presigned-post) [![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/s3-presigned-post.svg)](https://www.npmjs.com/package/@
@aws-sdk/s3-presigned-post is a package that allows you to generate presigned POST URLs for Amazon S3. These URLs enable users to upload files directly to S3 without needing to expose AWS credentials or write server-side code to handle the uploads.
Generate Presigned POST URL
This feature allows you to generate a presigned POST URL for uploading files to an S3 bucket. The code sample demonstrates how to create a presigned POST URL with specific conditions, such as a content length range.
const { S3Client } = require('@aws-sdk/client-s3');
const { createPresignedPost } = require('@aws-sdk/s3-presigned-post');
const client = new S3Client({ region: 'us-west-2' });
const params = {
Bucket: 'example-bucket',
Key: 'example-object',
Expires: 60, // URL expiration time in seconds
Conditions: [
['content-length-range', 0, 1048576], // 1 MB limit
],
};
async function generatePresignedPost() {
try {
const data = await createPresignedPost(client, params);
console.log('Presigned POST URL:', data.url);
console.log('Fields:', data.fields);
} catch (err) {
console.error('Error generating presigned POST URL', err);
}
}
generatePresignedPost();
The 'aws-sdk' package is the official AWS SDK for JavaScript. It provides a comprehensive set of tools for interacting with AWS services, including S3. While it also allows you to generate presigned URLs, it is a much larger package with broader functionality compared to @aws-sdk/s3-presigned-post, which is focused specifically on presigned POST URLs.
The 's3-upload-stream' package is designed to facilitate streaming uploads to S3. It provides a writable stream that can be piped to, making it useful for handling large files or real-time data. Unlike @aws-sdk/s3-presigned-post, it does not generate presigned URLs but focuses on streaming data to S3.
This package provide a function generating URL and fields. Users without AWS credentials can use the URL and fields to to make a POST request to S3. The documentation for the server side feature can be found in S3 API Reference. Please read related sections for more context.
JavaScript Example:
const { createPresignedPost } = require("@aws-sdk/s3-presigned-post");
const { S3Client } = require("@aws-sdk/client-s3");
ES6 Example
import { createPresignedPost } from "@aws-sdk/s3-presigned-post";
import { S3Client } from "@aws-sdk/client-s3";
You can optionally attach a policy to a presigned post. It specifies a list of conditions that the request must meet. For example:
const Conditions = [{ acl: "bucket-owner-full-control" }, { bucket: "johnsmith" }, ["starts-with", "$key", "user/eric/"]];
Visit S3 POST documentation
for supported policy elements. If you include a condition, you must specify the valid value in the Fields
parameter
as well. A value will not be added automatically to the fields dictionary according to the conditions.
Users can generate required url and fields for POST request:
const client = new S3Client({ region: "us-west-2" });
const Bucket = "johnsmith";
const Key = "user/eric/1";
const Fields = {
acl: "bucket-owner-full-control",
};
const { url, fields } = await createPresignedPost(client, {
Bucket,
Key,
Conditions,
Fields,
Expires: 600, //Seconds before the presigned post expires. 3600 by default.
});
The Bucket
, Key
and other values in Fields
must meet the conditions specified in Conditions
. The Key
can also
contain ${filename}
that will be automatically replaced by the name of the file provided. See the S3 reference
for more information.
You can also post a file with HTML form:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<!-- Copy the 'url' value returned by createPresignedPost() -->
<form action="URL_VALUE" method="post" enctype="multipart/form-data">
<!-- Copy the 'fields' key:values returned by S3Client.generate_presigned_post() -->
<input type="hidden" name="key" value="VALUE" />
<input type="hidden" name="AWSAccessKeyId" value="VALUE" />
<input type="hidden" name="policy" value="VALUE" />
<input type="hidden" name="signature" value="VALUE" />
File:
<input type="file" name="file" /> <br />
<input type="submit" name="submit" value="Upload to Amazon S3" />
</form>
</body>
</html>
In Node.js, use form-data
package to post a file:
const { createReadStream } = require("fs");
const FormData = require("form-data");
const form = new FormData();
Object.entries(fields).forEach(([field, value]) => {
form.append(field, value);
});
form.append("file", createReadStream("path/to/a/file"));
form.submit(url, (err, res) => {
//handle the response
});
3.649.0 (2024-09-10)
FAQs
[![NPM version](https://img.shields.io/npm/v/@aws-sdk/s3-presigned-post/latest.svg)](https://www.npmjs.com/package/@aws-sdk/s3-presigned-post) [![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/s3-presigned-post.svg)](https://www.npmjs.com/package/@
The npm package @aws-sdk/s3-presigned-post receives a total of 205,706 weekly downloads. As such, @aws-sdk/s3-presigned-post popularity was classified as popular.
We found that @aws-sdk/s3-presigned-post demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.