Clarification on where to put Keys ACCESS/SECRET
gateway opened this issue · comments
I think it would be great to clarify where these keys can be put in order to remove them from the config for the s3 file adaptor.
Reading the docs there are a few ways and some people may not have options to do one over the other.
For example using the AWS CLI may not work for people using Heroku, which leads to the question can a user add these then into the Heroku Admin/Environment area?
From Docs:
Environment Variables – AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, etc.
AWS_ACCESS_KEY_ID=xxxx
AWS_SECRET_ACCESS_KEY=xxx
I'm going to make the assumption this works or will work..
Label: Documentation clarification.
Do you want to update the docs? @acinader it seems that this may have changed recently, can you help clarify?
I am very confused on this. We are hosted on Heroku and things have been working great. We have S3 configured and currently working. I have a User configured with an access key id and secret with the correct permissions to access the bucket. However, the directions are to configure the AWS_ACCESS_KEY_ID and SECRET. Are these simply added to the server level or do I need to configure something else for this to work? Do I need to add these in the ParseServer declaration with: awsAccessKeyId: process.env.AWS_ACCESS_KEY_ID or something similar? After this is understood I'm happy to help update the docs.
+1
I'm on Heroku and am confused about how to get this working. As of now, I've removed the S3Adapter per the deprecation notice, set S3_BUCKET, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and S3_SIGNATURE_VERSION as environment variables but it's not working.
I think you still need the adapter for it to work. However, they don't want you hard coding the id and key into the adapter. It looks like they are trying to secure this at the server level but I'm wondering if this just hasn't been added? For now I've left it in as it was working before. We can't afford to change it until we know it's working.
I think the confusion is with Heroku or any other system that you can sent environment variables, are these being used.. If so what are the proper names and what variables you need to get them to work.
@duffek Okay that makes sense. I now have only filesAdapter: "parse-server-s3-adapter" set when I initialize parse server. This is working with the environment variables I mentioned and I do not get the deprecation notice.
I think what got me confused was comparing documentation between Parse Server Guide and the parse-server-s3-adapter readme. It seemed to me that the adapter would automatically be loaded if I have the environment variables set, so I removed the filesAdapter param entirely.
In Parse Server Guide, it gives you a choice between "USING ENVIRONMENT VARIABLES" and "PASSING AS OPTIONS" so maybe it should be more clear that you need to pass filesAdapter: "parse-server-s3-adapter" in the options when using environment variables.
@flovilmart - It's not clear to me how I should set up the new adapter. I'd imagine that this new adapter pulls access/secret key straight from aws config that we set with "aws configure" command (instead of having to explicitly pass the values). However, I am receiving "missing credentials in config" error. I think this may be due to the fact that AWS stores credentials (keys) in .aws/credentials while region name is stored in .aws/config. Since the sdk is not able to find keys in .aws/config it displays the error. I talked to AWS support folks and they recommend against putting keys in .aws/config. Would you be able to provide guidance on this matter?
@devKC the adapter depends on the AWS SDK and should load them. You could test just using the SDK to connect to your S3 bucket and that way you could remove any adapter problems and confirm your setup.
I am running the adapter locally with just the ~/.aws/ and its working fine. Here's the doc: http://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/configuring-the-jssdk.html
@acinader - I apologize, I should have clarified. I'm not explicitly requiring AWS SDK in my own app (non AWS host, nodejs). I am using AWS indirectly by using the parse-server-s3-adapter module which leverages AWS SDK. Should I be requiring AWS SDK in my own app and using config file along with something like "AWS.config.loadFromPath('./config.json')"? Please let me know if I'm not understanding something properly.
no, you don't need to require the sdk, and you do not need to loadFromPath
My point was that the sdk is what is used by the adapter. So if you wanted to test your credentials setup, you COULD do that simply outside of your project with a simple AWS SDK test like: http://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/getting-started-nodejs.html
Which you should be able to run through in a couple of minutes and that would confirm your setup. You could take your test one step further by then using the s3 client in the sdk to put something onto the bucket you're planning to use for your app and then you'll know for sure that you have the sdk and aws configured properly.
@acinader thanks for your detailed feedback. I think the part that was confusing is "aws configure" and how the parse server adapter module would be able to refer to the keys. Maybe I misunderstood the guide and I should be setting the keys as server environment variables? So for example, if I'm running on Heroku I would use heroku config:set AWS_ACCESS_KEY=xyz.
Yes, that seemed to be the case, thank you for your help!
hot! If there was something in the doc that would have helped, a pull request to improve the docs is always welcome.
For those using Heroku I thought I'd explain in full detail. Really it comes down to just a few steps. If you have a previous version setup you are going to switch your file adapter to just read:
filesAdapter: 'parse-server-s3-adapter',
(or whatever your installed package is)
Take out the require statement and don't create any instance variables in your index.js. Then in Heroku.com create config vars or with the CLI: heroku config:set AWS_ACCESS_KEY_ID=abc and heroku config:set AWS_SECRET_ACCESS_KEY=abc
Now run and test your uploading. All should be good.
Still not working? Try running this example (edit sample.js to be your bucket when testing):
https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/getting-started-nodejs.html (@acinader above's great advice!)
Completely lost and no idea where to start?
1 Get Your AWS Credentials:
https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/getting-your-credentials.html
2 Setup Your Bucket
https://transloadit.com/docs/faq/how-to-set-up-an-amazon-s3-bucket/
(follow the part on IAM users as well)
**3 Follow IAM Best Practices **
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Then go back to the top of this posting.
Hope that helps anyone else that was confused by this.
Closing as there is no question or issue that is unaswered. please re-open if needed.