NodeJS Multer-S3 can upload to S3 without using credentials?

0
votes

I'm a little bit lost as to what's going on, I've been trying to solve this for a few days now. I'm trying to only allow my IAM user to upload an image with public access to read. However, I can comment out the IAM user credentials from AWS-SDK and it would still upload to my S3 bucket with no problem. This is not how I intended it to work. I have a feeling it's my policies but I'm not really sure where to start.

Here are the AWS-SDK credentials being commented out in my code

Here is the code for uploading an image to S3

Here is another piece of code used for uploading an image

For some reason, this is enough to upload to my S3 bucket. Just to clarify, I want to make sure the file is being uploaded only if it has the proper credentials. Currently, the file is being uploaded even when S3 credentials are commented out.

The following are my AWS S3 policies/permissions.

AWS public access bucket settings (my account settings also look like this, since those settings override the buckets settings)

AWS bucket policy

Bucket ACL

Bucket Cors

If you can point me in the right direction, that'll be fantastic. I'm pretty new to using AWS S3 and am a little lost.

Thanks a bunch.

1
node.jsamazon-web-servicesamazon-s3multermulter-s3
have you tired commenting out the credentails and then starting the server, that way they wont be cached, prior to being commented out?Erykj97
Yup. Tried commented it out. I even tried using another test application to see if it was being cached to my application but it wasn't.Ivan Yu

1 Answers

0
votes

this happened to me as well. if there are no credentials in your code, it will default to using those in your .aws directory if you have credentials stored there on your local filesystem.