@malanius/strapi-provider-upload-aws-s3-cloudfront
Description
This version of provider is identical with the offical one here, the only difference being that the ACL: 'public-read' config is removed when CDN url parameter is present. It's essentially combination of following providers that each deals only with one part of the problem:
- cristian-rita/strapi-provider-upload-aws-s3-private
- shadab-hashmi/strapi-provider-upload-aws-s3-cdn-acl-enabled
Installation
# using yarn
yarn add @malanius/strapi-provider-upload-aws-s3-cloudfront
# using npm
npm install @malanius/strapi-provider-upload-aws-s3-cloudfront
Configurations
Your configuration is passed down to the provider. (e.g: new AWS.S3(config)
). You can see the complete list of options here
See the using a provider documentation for information on installing and using a provider. And see the environment variables for setting and using environment variables in your configs.
Provider Configuration
./config/plugins.js
module.exports = ({ env }) => ({
// ...
upload: {
config: {
provider: 'strapi-provider-upload-aws-s3-cdn', // full name is required
providerOptions: {
accessKeyId: env('AWS_ACCESS_KEY_ID'),
secretAccessKey: env('AWS_ACCESS_SECRET'),
region: env('AWS_REGION'),
params: {
Bucket: env('AWS_BUCKET'),
},
cdnUrl: env("CDN_URL"), // Optional CDN URL - include protofol and trailing forward slash, e.g. 'https://assets.example.com/'
},
},
},
},
// ...
});
This is also working with IAM roles. You just need to omit the accessKeyId and secretAccessKey and AWS SDK will automatically select the IAM credentials.
module.exports = ({ env }) => ({
// ...
upload: {
provider: 'aws-s3-private',
providerOptions: {
region: env('AWS_REGION'),
params: {
Bucket: env('AWS_BUCKET'),
},
cdnUrl: env("CDN_URL"), // Optional CDN URL - include protofol and trailing forward slash, e.g. 'https://assets.example.com/'
},
},
},
// ...
});
Security Middleware Configuration
Due to the default settings in the Strapi Security Middleware you will need to modify the contentSecurityPolicy
settings to properly see thumbnail previews in the Media Library. You should replace strapi::security
string with the object bellow instead as explained in the middleware configuration documentation.
./config/middlewares.js
module.exports = [
// ...
{
name: 'strapi::security',
config: {
contentSecurityPolicy: {
useDefaults: true,
directives: {
'connect-src': ["'self'", 'https:'],
'img-src': [
"'self'",
'data:',
'blob:',
'yourBucketName.s3.yourRegion.amazonaws.com', // for public buckets
'cdn.url', // for private bucket behind CDN
],
'media-src': [
"'self'",
'data:',
'blob:',
'yourBucketName.s3.yourRegion.amazonaws.com', // for public buckets
'cdn.url', // for private bucket behind CDN
],
upgradeInsecureRequests: null,
},
},
},
},
// ...
];
Required AWS Policy Actions
These are the minimum amount of permissions needed for this provider to work.
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject",
"s3:PutObjectAcl"
],