S3 Uploading

Using Laravel, Laravel Sanctum, Amazon AWS S3 and Postman I sketch out how a user can upload media content and a timeline file to the cloud to be shared between users.

S3 Uploading using a Token Vending Machine Approach

Video

Process

  1. Register a User.
  2. Request a Token for the authenticated User.
  3. Request Temporary Credentials to upload to a S3 Bucket using the Token.
  4. Upload to the S3 Bucket using the Temporary Credentials.

Thoughts

  • The Bearer Token placed in the Authorisation header of a HTTP Request is used for all API calls and allows for a secure point of entry.
  • The S3 credentials received from the web application should provide the smallest amount of scope, hence why the Temporary Credentials that allows for roles to be assumed isn’t given to the mobile application.
  • Not all Users will have access to upload to a teams repository, as such authorisation needs to happen on a per user per team basis.

References

Carl@AWS. 2010. Authenticating Users of AWS Mobile Applications with a Token Vending Machine [online]. Available at: https://aws.amazon.com/articles/authenticating-users-of-aws-mobile-applications-with-a-token-vending-machine/ [accessed 30 June 2020].