New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

strapi-provider-upload-aws-s3-charged

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

strapi-provider-upload-aws-s3-charged

AWS S3 provider for strapi upload

4.0.0
latest
Source
npm
Version published
Maintainers
1
Created
Source

strapi-provider-upload-aws-s3-charged

Resources

  • LICENSE

Links

Installation

# using yarn
yarn add @strapi/provider-upload-aws-s3-charged

# using npm
npm install @strapi/provider-upload-aws-s3-charged --save

Configurations

Your configuration is passed down to the provider. (e.g: new AWS.S3(config)). You can see the complete list of options here

See the using a provider documentation for information on installing and using a provider. And see the environment variables for setting and using environment variables in your configs.

Example

./config/plugins.js

module.exports = ({ env }) => ({
  // ...
  upload: {
    provider: 'aws-s3',
    providerOptions: {
      accessKeyId: env('AWS_ACCESS_KEY_ID'),
      secretAccessKey: env('AWS_ACCESS_SECRET'),
      region: env('AWS_REGION'),
      acl: env('AWS_ACL'), // one of ["private", "public-read", "public-read-write", "authenticated-read", "bucket-owner-read", "bucket-owner-full-control"]
      customDomain: env('CUSTOM_DOMAIN'),
      pathPrefix: env('UPLOAD_FOLDER'), // with trailing slash
      params: {
        Bucket: env('AWS_BUCKET'),
      },
    },
  },
  // ...
});

Security Middleware Configuration

Due to the default settings in the Strapi Security Middleware you will need to modify the contentSecurityPolicy settings to properly see thumbnail previews in the Media Library. You should replace strapi::security string with the object bellow instead as explained in the middleware configuration documentation.

./config/middlewares.js

module.exports = [
  // ...
  {
    name: "strapi::security",
    config: {
      contentSecurityPolicy: {
        useDefaults: true,
        directives: {
          "connect-src": ["'self'", "https:"],
          "img-src": ["'self'", "data:", "blob:", "yourBucketName.s3.yourRegion.amazonaws.com"],
          "media-src": ["'self'", "data:", "blob:", "yourBucketName.s3.yourRegion.amazonaws.com"],
          upgradeInsecureRequests: null,
        },
      },
    },
  },
  // ...
];

Required AWS Policy Actions

These are the minimum amount of permissions needed for this provider to work.

"Action": [
  "s3:PutObject",
  "s3:GetObject",
  "s3:ListBucket",
  "s3:DeleteObject",
  "s3:PutObjectAcl"
],

Keywords

upload
aws
s3
strapi

FAQs

Package last updated on 06 Dec 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket and Seal Security Collaborate to Fix Critical npm Overrides Bug

Security News

Socket and Seal Security Collaborate to Fix Critical npm Overrides Bug

Socket and Seal Security collaborate to fix a critical npm overrides bug, resolving a three-year security issue in the JavaScript ecosystem's most popular package manager.

By Sarah Gooding  -  Mar 11, 2025