We are currently using AWS Cognito in our Angular application to connect to AWS S3. Besides using presigned URLs generated in the backend and the STS service, are there any other secure methods to connect an Angular app to S3?

The issue we're facing is that Cognito and STS services expose credentials, and presigned URLs have limitations with large file uploads (100 GB), even when using Multipart upload. We want to leverage the TransferUtility but are struggling to connect to the S3 client securely.

asked Mar 7 at 14:06 by user15814390
  • Are you really trying to upload 100GB with a browser? While possible, this seems like an incredibly fragile approach. – stdunbar Commented Mar 7 at 21:51
  • System should scale up to 100 GB – user15814390 Commented Mar 8 at 1:48
  • A multipart upload using presigned URLs is subject to the same limits as a normal multipart upload, which is 5TB. – Anon Coward Commented Mar 9 at 21:57

1 Answer

From a security perspective, using a serverless architecture like:

Angular App → API Gateway → Lambda Functions → AWS Services

is more secure than directly connecting Angular → AWS Services for several reasons. If Angular directly accesses AWS services, you need to expose credentials (e.g., IAM roles via Cognito, API keys, or temporary credentials).

In contrast, using API Gateway + Lambda ensures that AWS services are only accessible through controlled APIs, reducing the attack surface.

With a direct approach, Angular needs broad permissions, increasing risk if credentials are leaked. With Lambda + API Gateway, IAM permissions are tightly scoped to Lambda functions, reducing exposure.

API Gateway integrates with Cognito, IAM, or custom authorizers (Lambda) to enforce security.
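
The backend step the answer describes, as an added example that is not part of the original answer: a Lambda-style handler that takes the caller's identity from the API Gateway authorizer, confines the object key to that caller's prefix, and sizes the multipart upload within S3's documented limits. The function names, the `uploads/` key layout, the 64 MiB preferred part size and the REST API Cognito authorizer event shape are assumptions.

```javascript
// Added example (constructed); not code from the original question or answer.
const MIB = 1024 * 1024;
const MIN_PART = 5 * MIB;                  // S3 minimum part size (last part may be smaller)
const MAX_PART = 5 * 1024 * MIB;           // S3 maximum part size: 5 GiB
const MAX_PARTS = 10000;                   // S3 maximum parts per multipart upload
const MAX_OBJECT = 5 * 1024 * 1024 * MIB;  // S3 maximum object size: 5 TiB

// Confine every object key to the caller's own prefix ("uploads/" layout is an assumption).
function scopedKey(userSub, fileName) {
  if (!/^[A-Za-z0-9-]{1,64}$/.test(String(userSub))) throw new Error("bad identity");
  // Keep only the base name so a client-supplied path cannot leave the prefix.
  const base = typeof fileName === "string" ? fileName.split(/[\\/]/).pop() : "";
  if (!base || base === "." || base === ".." || base.length > 255 || /[\x00-\x1f]/.test(base)) {
    throw new Error("bad file name");
  }
  return `uploads/${userSub}/${base}`;
}

// Pick a part size that keeps the upload within S3's multipart limits.
function planParts(sizeBytes, preferredPart = 64 * MIB) {
  if (!Number.isSafeInteger(sizeBytes) || sizeBytes <= 0 || sizeBytes > MAX_OBJECT) {
    throw new Error("size out of range");
  }
  let partSize = Math.max(MIN_PART, preferredPart, Math.ceil(sizeBytes / MAX_PARTS));
  partSize = Math.min(MAX_PART, Math.ceil(partSize / MIB) * MIB); // whole MiB, capped at 5 GiB
  const partCount = Math.ceil(sizeBytes / partSize);
  return { partSize, partCount, lastPartSize: sizeBytes - (partCount - 1) * partSize };
}

// Handler behind an API Gateway REST API with a Cognito user pool authorizer (assumed setup).
function handleUploadRequest(event) {
  try {
    // Identity comes from the verified token claims, never from the request body.
    const sub = event.requestContext.authorizer.claims.sub;
    const { fileName, sizeBytes } = JSON.parse(event.body || "{}");
    const key = scopedKey(sub, fileName);
    const plan = planParts(sizeBytes);
    // With this key and plan the Lambda starts the multipart upload and presigns one URL per part.
    return { statusCode: 200, body: JSON.stringify({ key, ...plan }) };
  } catch (err) {
    return { statusCode: 400, body: JSON.stringify({ error: "invalid upload request" }) };
  }
}
```

Only the Lambda's execution role needs S3 write permission in this layout; the browser receives a key and part plan, and later per-part URLs, rather than credentials.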

Tags: amazon s3, Secure way to connect AWS services from Angular app, Stack Overflow