DEPRECATED: nog-s3
should not be used anymore. Use nog-multi-bucket
instead.
nog-s3
wraps just enough of the AWS SDK to implement nog-blob
. S3
exposes
only a few sync functions. Errors are translated to NogError.Error
. The
opts
are identical to params of the official AWS SDK:
http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html.
configure()
updates the active configuration with the provided opts
:
accessKeyId
(String
, defaultMeteor.settings.AWSAccessKeyId
).secretAccessKey
(String
, defaultMeteor.settings.AWSSecretAccessKey
).region
(String
, defaultMeteor.settings.AWSBucketRegion
).signatureVersion
(s3
orv4
, defaultMeteor.settings.AWSSignatureVersion
orv4
):eu-central-1
requiresv4
.s3ForcePathStyle
(Boolean
, defaultMeteor.settings.AWSS3ForcePathStyle
orfalse
): URL format forfalse
is{bucket}.{region}...
; URL format fortrue
is{endpoint}/{bucket}
. The path style may be useful with alternative S3 implementations, like Ceph RadosGW.endpoint
(String
, defaultMeteor.settings.AWSEndpoint
): The endpoint must accept requests from the server and from client browsers.sslEnabled
(Boolean
, defaultMeteor.settings.AWSSslEnabled
ortrue
).ca
(String
, defaultMeteor.settings.AWSCa
): If present, must be an absolute path to a CA certificate bundle .pem file, which will be loaded and used instead of the CAs that are bundled with Node.
The key needs to have s3:PutObject
and s3:GetObject
rights on the S3 bucket
that is used by nog-blob
. The recommended approach to AWS permission
management is to use one AWS IAM user for the application and grant rights via
groups with inline policies (use the custom policy editor). For example:
User nog-app
.
Group nog-s3-get
with policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1420905603000",
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::nog/*"
]
}
]
}
Group nog-s3-put
with policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1420905603000",
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::nog/*"
]
}
]
}
The S3 CORS configuration must allow any origin and expose the ETag header (see http://docs.aws.amazon.com/AWSJavaScriptSDK/guide/browser-configuring.html#Cross-Origin_Resource_Sharing__CORS_):
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
<ExposeHeader>ETag</ExposeHeader>
</CORSRule>
</CORSConfiguration>
See http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#createMultipartUpload-property.
See http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#uploadPart-property.
See http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#getObject-property.
See http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#completeMultipartUpload-property.
See http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#abortMultipartUpload-property.