...
The Amazon S3 Module provides three functions and two actions.
getValue function
getValue takes one parameter, a string encoded as a Data URI.
...
```
rule getValue is active {
  select when pageview ".*" setting ()
  pre {
    image = <<
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA
UAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIB
KE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==
>>;
    base64EncodedData = AWSS3:getValue(image); // Evaluates to iVBORw0KGgoAAAA...
  }
  noop();
}
```
getType function
getType takes one parameter, a string encoded as a Data URI.
...
```
rule getType is active {
  select when pageview ".*" setting ()
  pre {
    image = <<
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA
UAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIB
KE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==
>>;
    mimetype = AWSS3:getType(image); // Evaluates to image/png
  }
  noop();
}
```
makeAwsUrl(bucket, object_name)
This is a convenience function that calculates the AWS URL from a given bucket and object name. This is useful for determining where AWS stored the item and allows programmers to not hardcode URL strings in their code that might change.
upload action
The upload action is currently the only action available in the Amazon S3 Module. It takes three parameters: the bucket, the object_name and the object_value.
...
```
rule upload is active {
  select when pageview ".*" setting ()
  pre {
    text = "This is a test upload";
  }
  {
    AWSS3:upload("kynetx_example", "kynetx_example_upload.txt", text);
  }
}
```
Using the base64 functions, we can also upload images:
```
rule upload is active {
  select when pageview ".*" setting ()
  pre {
    image = <<
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA
UAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIB
KE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==
>>;
  }
  {
    AWSS3:upload("kynetx_example", "testuploaddata.png", this2that:base642string(AWSS3:getValue(image)))
      with object_type = AWSS3:getType(image);
  }
}
```
del action
The delete action takes two parameters, the bucket and the object_name.
...
```
rule upload is active {
  select when pageview ".*" setting ()
  {
    AWSS3:del("kynetx_example", "kynetx_example_upload.txt");
  }
}
```
Security Considerations
There are a few things you should do to make this more secure. You should take every precaution to ensure that keys are not exposed by their use in KRL. This can be difficult since KRL rulesets are read from URLs by the engine. You should also limit what each AWS key can do to just the tasks that it needs to perform to do its work. Here are some suggestions:
- Create a separate user in AWS for each project.
- Create an access key and secret for that user.
- Create a policy for that user that only allows access to the specific AWS resources (e.g. buckets) needed by the project. See the AWS Policy Generator for more information.
- Put the developer key and secret in a protected key module and provide them just to the rulesets that need them. Do not put them in the same ruleset as the code using them, as the examples on this page do, unless those rulesets will be protected. An example can be seen in the Maintenance Service for Fuse.
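One way to check the policy suggestion before attaching a policy to the project user, as an added example that is not part of the module or the original page: the Python below compares a broad policy with one scoped to this page's `kynetx_example` bucket. It assumes `upload` needs only `s3:PutObject` and `del` only `s3:DeleteObject`; both policy documents and the `excess_grants` helper are constructed for illustration.

```python
# Constructed policies for the page's example bucket "kynetx_example".
# Assumption: the module's upload maps to s3:PutObject and del to s3:DeleteObject.
BUCKET = "kynetx_example"
NEEDED = {"s3:PutObject", "s3:DeleteObject"}

BROAD_POLICY = {  # weak: any S3 action on any resource
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

SCOPED_POLICY = {  # least privilege: two actions, objects in one bucket only
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:PutObject", "s3:DeleteObject"],
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    }],
}

def as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def excess_grants(policy, bucket=BUCKET, needed=NEEDED):
    """Return findings for Allow statements wider than `needed` on `bucket`."""
    needed_lc = {a.lower() for a in needed}  # IAM action names are case-insensitive
    prefix = f"arn:aws:s3:::{bucket}/"       # objects inside the project bucket
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "Action" not in stmt or "Resource" not in stmt:
            findings.append("NotAction/NotResource statement cannot be bounded")
            continue
        for action in as_list(stmt["Action"]):
            if action.lower() not in needed_lc:
                findings.append(f"action {action} not needed")
        for resource in as_list(stmt["Resource"]):
            if not resource.startswith(prefix):
                findings.append(f"resource {resource} outside bucket {bucket}")
    return findings

if __name__ == "__main__":
    for name, doc in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, excess_grants(doc) or "ok")
```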
Example Ruleset
```
ruleset a41x175 {
  meta {
    name "TestAmazonS3Module"
    description <<
      TestAmazonS3Module
    >>
    author "Jessie A. Morris"
    // Uncomment this line to require Marketplace purchase to use this app.
    // authz require user
    logging on
    key aws {
      "AWSAccessKey": "YOURACCESSKEYHERE",
      "AWSSecretKey": "YOURSECRETKEYHERE"
    }
    use module a41x174 alias AWSS3 with AWSKeys = keys:aws()
  }

  dispatch {
    // Some example dispatch domains
    // domain "example.com"
    // domain "other.example.com"
  }

  global {
    image = <<
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA
UAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIB
KE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==
>>;
  }

  rule getValue is active {
    select when pageview ".*" setting ()
    pre {
      base64EncodedData = AWSS3:getValue(image);
    }
    noop();
  }

  rule getType is active {
    select when pageview ".*" setting ()
    pre {
      mimetype = AWSS3:getType(image);
    }
    noop();
  }

  rule upload is active {
    select when pageview ".*" setting ()
    pre {
      text = "This is a test upload";
    }
    {
      AWSS3:upload("jessiemorristest", "testuploaddata.png", this2that:base642string(AWSS3:getValue(image)))
        with object_type = AWSS3:getType(image);
    }
  }
}
```
Tests
The AWSS3 module is tested by this code.