Connect private AWS S3 bucket to Pixboost

Dmitry Pokidov
Published in pixboost, Apr 8, 2020

Hi there,

I’m pleased to announce a new feature that we released last week — connecting an AWS S3 bucket to your Pixboost account!

So, why would you want to do that? Before we implemented this feature, the way to use Pixboost with an S3 bucket was to make the bucket public and use its public URLs with the Pixboost API. For instance, if all your images are in a bucket called “bucket-with-images” in the Australian region (ap-southeast-2), then the Pixboost API call would look like:

https://pixboost.com/api/2/img/https://s3-ap-southeast-2.amazonaws.com/bucket-with-images/image.png/optimise?auth=your-api-key

And this is a fine way of doing it. However, there are some legitimate security concerns with the approach above:

  • An attacker could see the bucket name in the URL
  • The bucket must have public access turned on

In many enterprise organisations, there is a taboo on public S3 buckets. And that’s a good thing — there is no “too much” security if you deal with personal or financial data! So, let’s draw the solution we came up with:

Using the schema from the picture above, we solved both problems that we had:

  • We use an alias instead of a direct URL, so the name of the bucket is not part of the API call
  • Pixboost uses a separate IAM user to access the bucket, so the bucket doesn’t need to have public access
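
A defender-side check for the two properties above, added here as an example (it is not Pixboost's code and not part of the original post): it audits a bucket policy for public grants and the integration user's IAM policy for scope. It assumes Pixboost only needs s3:GetObject on the bucket's objects, which the post does not state; the function names and sample policies are constructed.

```python
# Constructed sample policies; the bucket name is the article's own example.
BUCKET = "bucket-with-images"
# Assumption: the integration user only needs to read objects.
ALLOWED_ACTIONS = {"s3:getobject"}  # IAM action names are case-insensitive

PUBLIC_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}
SCOPED_USER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}
BROAD_USER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

def _as_list(value):
    """IAM accepts either a single value or a list in most fields."""
    return value if isinstance(value, list) else [value]

def is_public(stmt):
    """True if an Allow statement names every principal ("*")."""
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal")
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def audit_bucket_policy(policy):
    """Return the Sid (or index) of each statement granting public access.
    Conditions are ignored, so a conditioned "*" grant is still reported."""
    return [s.get("Sid", str(i))
            for i, s in enumerate(_as_list(policy["Statement"])) if is_public(s)]

def audit_user_policy(policy, bucket=BUCKET):
    """Return findings for the policy attached to the integration user."""
    object_prefix = f"arn:aws:s3:::{bucket}/"
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("NotAction/NotResource grants are too broad to audit")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() not in ALLOWED_ACTIONS:
                findings.append(f"action too broad: {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if not resource.startswith(object_prefix):
                findings.append(f"resource outside bucket objects: {resource}")
    return findings
```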

Now let’s see how to connect S3 to your Pixboost account.

Setting up

AWS

We assume that you already have an S3 bucket with your images stored there. If not, then you can read how to do that here.

To set up a new user that you’ll integrate with Pixboost:

Below is an example of a bucket policy:

Pixboost

1. Once you log in, there is a new panel called “Images Sources”. That’s where all your integrations will be! Click on “Add source”.

2. Select “Amazon AWS S3 Bucket” in the “Type” dropdown and fill in the details.

Let’s quickly go through each field and see what it’s for:

  • Alias is a unique identifier of the source that will be used in the URL when calling the API.
  • Bucket name is the name of the bucket.
  • Region is the AWS region ID of the bucket.
  • Path Prefix is an optional prefix that will be used for all requests. It could be used if all your images in the bucket are stored in one folder. In that case, you could set “Path prefix”, and you won’t need to add it to each API call.
  • Access Key is the AWS IAM user’s access key created in the step above.
  • Secret Key is the AWS IAM user’s secret key created in the step above.

3. Click “Add”, and you are done!

Testing

Last but not least is testing! So, let’s fire up an API call and check that the integration works:

https://pixboost.com/api/2/img/bucket/<PATH_TO_THE_IMAGE>/optimise?auth=<API_KEY>

In response we should see our optimised image.

What’s next?

It’s worth mentioning that we developed not just an S3 integration but an “Images Source” abstraction that allows us to easily plug in other types of sources. Stay tuned as we are going to release more integrations very soon!

Dmitry Pokidov

I’m a CTO of pixboost.com — boosting performance and conversion of your online store.