...

rule upload is active {
	select when pageview ".*" setting ()
	{
		AWSS3:del("kynetx_example", "kynetx_example_upload.txt");
	}
}

Security Considerations

There are a few things you should do to make this more secure. 

  1. Create a separate user in AWS for each project.
  2. Create an access key and secret for that user.
  3. Create a policy for that user that only allows access to the specific AWS resources (e.g. buckets) needed by the project. See the AWS Policy Generator for more information.
  4. Put the developer key and secret in a protected key ruleset and provide them just to the rulesets that need them.
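
For step 3, the following added example (not part of the original page or of the AWSS3 module) builds a policy scoped to one bucket and checks an existing policy for grants that reach beyond the project's buckets. It assumes that AWSS3:upload and AWSS3:del map to the S3 actions s3:PutObject and s3:DeleteObject and that no object ACL is set; the function names are hypothetical.

```python
import json

ARN = "arn:aws:s3:::"
# Assumption: AWSS3:upload and AWSS3:del map to the S3 PUT Object and
# DELETE Object calls, so these two actions are all the project's user needs.
MODULE_ACTIONS = ["s3:PutObject", "s3:DeleteObject"]


def scoped_policy(bucket, actions=MODULE_ACTIONS):
    """Build an IAM policy limited to object operations in one bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": list(actions),
            "Resource": f"{ARN}{bucket}/*",
        }],
    }


def as_list(value):
    # IAM accepts either a single value or a list for these fields.
    return value if isinstance(value, list) else [value]


def overbroad_findings(policy, allowed_buckets):
    """Return reasons why a policy grants more than the project's buckets need."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource allows by exclusion")
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action!r}")
        for resource in as_list(stmt.get("Resource", [])):
            # Bucket name is the part between the S3 ARN prefix and the first "/".
            bucket = resource[len(ARN):].split("/", 1)[0] if resource.startswith(ARN) else None
            if bucket not in allowed_buckets:
                findings.append(f"statement {i}: resource {resource!r} outside project buckets")
    return findings


if __name__ == "__main__":
    # Constructed samples: the bucket name from the page's del example,
    # and a full-access policy of the kind step 3 is meant to replace.
    good = scoped_policy("kynetx_example")
    bad = {"Version": "2012-10-17",
           "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}
    print(json.dumps(good, indent=2))
    print(overbroad_findings(bad, {"kynetx_example"}))
```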

Example Ruleset

ruleset a41x175 {
	meta {
		name "TestAmazonS3Module"
 
		description <<
			TestAmazonS3Module
		>>
 
		author "Jessie A. Morris"
 
		// Uncomment this line to require Marketplace purchase to use this app.
		// authz require user
		logging on
		
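		// Placeholder values only. Per the Security Considerations above,
		// keep the real key and secret in a protected key ruleset.
		key aws {
		   "AWSAccessKey": "YOURACCESSKEYHERE",
		   "AWSSecretKey": "YOURSECRETKEYHERE"
		}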

		use module a41x174 alias AWSS3
			with AWSKeys = keys:aws()
	}
 
	dispatch {
		// Some example dispatch domains
		// domain "example.com"
		// domain "other.example.com"
	}
 
	global {
		image = <<
			
			UAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIB
			KE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==
		>>;
	}
 
	rule getValue is active {
		select when pageview ".*" setting ()
		pre {
			base64EncodedData = AWSS3:getValue(image);
		}
		noop();
	}
 
	rule getType is active {
		select when pageview ".*" setting ()
		pre {
			mimetype = AWSS3:getType(image);
		}
		noop();
	}
 
	rule upload is active {
		select when pageview ".*" setting ()
		pre {
			text = "This is a test upload";
		}
		{
			AWSS3:upload("jessiemorristest", "testuploaddata.png", 
				this2that:base642string(AWSS3:getValue(image))
			)
				with object_type = AWSS3:getType(image);
		}
	}
}

...