On AWS, create an IAM user for access to your S3 bucket and use its credentials in your .env file. You can attach the following IAM policy to that user:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::YOUR_BUCKET_IDENTIFIER/*",
        "arn:aws:s3:::YOUR_BUCKET_IDENTIFIER"
      ]
    }
  ]
}
```
For improved security, modify the S3 bucket CORS configuration to accept upload requests from your admin domain only:
```json
[
  {
    "AllowedHeaders": [
      "*"
    ],
    "AllowedMethods": [
      "POST",
      "PUT",
      "DELETE",
      "GET"
    ],
    "AllowedOrigins": [
      "https://YOUR_ADMIN_DOMAIN",
      "http://YOUR_ADMIN_DOMAIN"
    ],
    "ExposeHeaders": []
  }
]
```
```xml
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <CORSRule>
    <AllowedOrigin>https://YOUR_ADMIN_DOMAIN</AllowedOrigin>
    <AllowedOrigin>http://YOUR_ADMIN_DOMAIN</AllowedOrigin>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>DELETE</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <ExposeHeader>ETag</ExposeHeader>
    <AllowedHeader>*</AllowedHeader>
  </CORSRule>
</CORSConfiguration>
```
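To check a CORS configuration before applying it, the following added example (not part of the original documentation) reads either the JSON or the XML form shown above and reports every allowed origin that is not exactly the HTTPS admin origin, plus any difference in allowed methods between the two forms. The domain `admin.example.com`, the trimmed sample configurations and all function names are assumptions made for this example.

```python
import json
import xml.etree.ElementTree as ET

NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"  # namespace used by the XML form
# Constructed samples: the two configurations above, trimmed, placeholder domain.
SAMPLE_JSON = """[{"AllowedHeaders": ["*"],
  "AllowedMethods": ["POST", "PUT", "DELETE", "GET"],
  "AllowedOrigins": ["https://admin.example.com", "http://admin.example.com"],
  "ExposeHeaders": []}]"""
SAMPLE_XML = """<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
 <CORSRule>
  <AllowedOrigin>https://admin.example.com</AllowedOrigin>
  <AllowedOrigin>http://admin.example.com</AllowedOrigin>
  <AllowedMethod>POST</AllowedMethod><AllowedMethod>PUT</AllowedMethod>
  <AllowedMethod>DELETE</AllowedMethod><AllowedHeader>*</AllowedHeader>
 </CORSRule></CORSConfiguration>"""

def rules_from_json(text):
    """Normalize the JSON form (a list of rule objects)."""
    return [{"origins": r.get("AllowedOrigins", []),
             "methods": r.get("AllowedMethods", [])} for r in json.loads(text)]

def rules_from_xml(text):
    """Normalize the XML form to the same shape (local, trusted input only)."""
    return [{"origins": [e.text for e in rule.findall(NS + "AllowedOrigin")],
             "methods": [e.text for e in rule.findall(NS + "AllowedMethod")]}
            for rule in ET.fromstring(text).findall(NS + "CORSRule")]

def lint(rules, admin_host):
    """Return (rule index, finding, origin) for each origin that is too broad."""
    findings = []
    for i, rule in enumerate(rules):
        for origin in rule["origins"]:
            if "*" in origin:
                findings.append((i, "wildcard-origin", origin))
            elif origin.startswith("http://"):
                findings.append((i, "plaintext-origin", origin))
            elif origin != "https://" + admin_host:
                findings.append((i, "unexpected-origin", origin))
    return findings

def method_drift(a, b):
    """Methods allowed by one configuration but not by the other."""
    union = lambda rules: {m for r in rules for m in r["methods"]}
    return union(a) ^ union(b)

if __name__ == "__main__":
    j, x = rules_from_json(SAMPLE_JSON), rules_from_xml(SAMPLE_XML)
    print(lint(j, "admin.example.com"), lint(x, "admin.example.com"), method_drift(j, x))
```

Both forms report the `http://` origin as a finding, and the drift check shows that only the JSON form allows `GET`.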