{"id":23456400,"url":"https://github.com/digitalcortex/aws-s3-uploads-setup-script","last_synced_at":"2025-04-11T05:57:27.219Z","repository":{"id":190241297,"uuid":"682224704","full_name":"digitalcortex/aws-s3-uploads-setup-script","owner":"digitalcortex","description":"Bash script that creates an S3 bucket together with CloudFront distribution for it. Designed for storing uploads of a web application","archived":false,"fork":false,"pushed_at":"2023-08-24T10:18:25.000Z","size":14,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-11T05:57:24.576Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/digitalcortex.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-08-23T18:00:56.000Z","updated_at":"2023-08-24T08:08:10.000Z","dependencies_parsed_at":null,"dependency_job_id":"83abb832-7ed8-4b97-9a11-3ee156daadae","html_url":"https://github.com/digitalcortex/aws-s3-uploads-setup-script","commit_stats":null,"previous_names":["digitalcortex/aws-s3-uploads-setup-script"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalcortex%2Faws-s3-uploads-setup-script","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalcortex%2Faws-s3-uploads-setup-script/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalcortex%2Faws-s3-uploads-setup-script/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalcortex%2Faws-s3-uploads-setup-script/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/digitalcortex","download_url":"https://codeload.github.com/digitalcortex/aws-s3-uploads-setup-script/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248351406,"owners_count":21089271,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-24T04:31:12.743Z","updated_at":"2025-04-11T05:57:27.211Z","avatar_url":"https://github.com/digitalcortex.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Setup S3 storage for file uploads in seconds\n**script.sh** creates everything needed for storing web app uploads and making them available via Cloudfront:\n- S3 bucket with policy allowing Cloudfront to access the contents\n- Cloudfront distribution for serving files from S3 bucket\n- Origin Access Control for connecting Cloudfront distribution with an S3 bucket\n- Cloudfront signer public key and key group for protecting private files with signed URLs\n\n**request-certificate.sh** creates an SSL certificate issued by Amazon. Needs manual DNS validation\n\n**generate-signer.sh** creates a key that you can use to sign Cloudfront URLs for providing access to protected private files\n\n*Ensure you have a AWS CLI configured with your credentials before running \"script.sh\" and \"request-certificate.sh\".*\n\n## How to use\n### Step 1. Allow execution on Linux \u0026 Mac OS:\nFirst time setup command:\n```\nchmod +x script.sh \u0026\u0026 chmod +x request-certificate.sh \u0026\u0026 chmod +x generate-signer.sh\n```\n### Step 2. Generate signer keys for protecting uploads that require authentication for access (optional)\n```\ngenerate-signer.sh\n```\nThe script will ask for the name of the file where to put the generated key. You'll find the key in the \"signer-key\" folder.\n\nExample output:\n```\ngenerate-signer.sh\nEnter file name: test\nwriting RSA key\n```\nScript saves the public key to \"signer-key/test_pub.pem\" and the private key to \"signer-key/test.pem\". Use private key on a backend to create signed URLs for letting authenticated users view the protected files\n\n### Step 3. Create an SSL certificate when using custom domain for accessing your uploads (optional)\nYou may skip this step if you are not planning to connect your Cloudfront distribution to your own domain and just use default domain name provided by Amazon.\n\nHowever if you're interested in serving your uploads with URL looking like this \"https://cdn.mycustomdomain.com/*\" then do following:\n```\nrequest-certificate.sh\n```\nThe script will ask for the domain name that you want to create your SSL certificate for. Keep the default \"us-east-1\" region in the script because Cloudfront will only allow certificates generated in \"us-east-1\" region even if your S3 bucket is in another region.\n\nExample output:\n```\nrequest-certificate.sh\nEnter domain: cdn.mycustomdomain.com\n{\n    \"CertificateArn\": \"arn:aws:acm:us-east-1:********:certificate/*******-****-****-****-************\"\n}\n```\nVisit your Amazon console and copy the validation DNS settings to your domain settings. Wait for Amazon to issue an SSL certificate for your domain and save the CertificateARN, you'll need it later.\n\n### Step 4. Create bucket and Cloudfront distribution\nSet env variables and run the script.sh\n\nList of all env variables with example values:\n```\n// Name of the bucket to create\nAWS_BUCKET=\"test\"\n\n// Region where bucket will store the data\nAWS_REGION=\"us-east-1\" \n\n// Custom domain. If not needed, set it to \"null\" without quotes\nCF_DOMAIN=\"cdn.mycustomdomain.com\"\n\n// ARN of a verified SSL certificate that you created during step 3.\n// Needed only when you set CF_DOMAIN \nACM_CERTIFICATE_ARN=\"arn:aws:acm:us-east-1:********:certificate/*******-****-****-****-************\"\n\n// Public key of a signer. If you want to make all files public,\n// set it to \"null\" without quotes\nSIGNER_PUBLIC_KEY_PATH=\"signer-key/test_pub.pem\"\n\n// If you provided SIGNER_PUBLIC_KEY_PATH variable during setup,\n// the script will create two Cloudfront cache behaviours:\n// \"\\*\" for protecting private files that require signed URL\n// and \"public/\\*\" for keeping files that don't need any protection.\n```\nThe script will request user input for missing env variables.\n\nExample without custom domain and with private files:\n```\nAWS_BUCKET=test-53825985928 AWS_REGION=eu-west-2 CF_DOMAIN=null SIGNER_PUBLIC_KEY_PATH=signer-key/test_pub.pem ./script.sh\n```\n\nExample without custom domain and with all files publicly available:\n```\nAWS_BUCKET=test-53825985928 AWS_REGION=eu-west-2 CF_DOMAIN=null SIGNER_PUBLIC_KEY_PATH=null ./script.sh\n```\n\nExample with custom domain and with private files:\n```\nAWS_BUCKET=test-53825985928 AWS_REGION=eu-west-2 CF_DOMAIN=cdn.mycustomdomain.com ACM_CERTIFICATE_ARN=arn:aws:acm:us-east-1:********:certificate/*******-****-****-****-************ SIGNER_PUBLIC_KEY_PATH=signer-key/test_pub.pem ./script.sh\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdigitalcortex%2Faws-s3-uploads-setup-script","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdigitalcortex%2Faws-s3-uploads-setup-script","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdigitalcortex%2Faws-s3-uploads-setup-script/lists"}