Skip to content

piu28/aws-private-file-sharing-tool

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
api
api
 
 
bootstrap-3.3.7-dist
bootstrap-3.3.7-dist
 
 
css
css
 
 
fonts
fonts
 
 
images
images
 
 
js
js
 
 
node_modules
node_modules
 
 
README.md
README.md
 
 
authenticated.html
authenticated.html
 
 
cognitologin.html
cognitologin.html
 
 
index.html
index.html
 
 
viewcontents.html
viewcontents.html
 
 

Repository files navigation

Private File Sharing Tool for Internal and External Users in AWS

The goal of this application is to share the files (images,docs,spreadsheets,audio etc) between internal and external users privately. The following AWS Resources have been used while building this application:

  • IAM
    • IAM Role: To assume after login.
    • IAM SAML Provider: With ADFS Federation Metadata.
  • S3 Bucket: To upload and share the files.
  • AWS Cognito User Pool: To create external users.
  • AWS Cognito Federated Identity Pool: For the authentication providers (SAML and Cognito User Pool).
  • AWS EC2 Ubuntu Server: The application code is kept and serve through a web server.
  • AWS EC2 Windows Server: Managing Active Directory and ADFS for Internal Users.

The intention is to create a simple web app that has the following features:

  • The users will be able to view the contents of their particular bucket and a shared bucket. Users will not be able to access the buckets which are own by other users.
  • The internal users i.e. AD Users will be able to view, upload and share the selected files to any user internally or externally.
  • The external users i.e. Cognito Users will be able to view and share the selected files to any user internally or externally.
  • After login, the user will get the temporary credentials so that he/she will be able to access the bucket.
  • Once a file is shared with a user, he/she will get a download link on his/her email address. Also, the file will get copied to his/her folder in the same S3 bucket. For example, if userA is sharing a fileA to userB (userb@gmail.com), the fileA will get copied to userB’s folder i.e. the structure of the bucket will be: s3bucket/userb@gmail.com/usera@gmail.com/fileA.
  • The download link will be sent to the email address based on the user is already registered or not.
  • If registered, the user will be asked to enter the credentials with MFA to download the file.
  • It not already registered, the user will be redirected to the registration page. Once registered, the user will be asked to reenter his/her credentials to download the file.

How to make it work

Clone the Repo. Specify the correct parameters in js/aws/config.js. Serve the Document Root Location through a Web Server. In our case, we have tested on an Ubuntu Server and configured Nginx Web Server to serve the application.

Also, an api (code exists in api directory in the repo) has been used to authenticate and redirect the AD users to the correct page. Start the api using below command:

node server.js

The api starts listening on 8443 port.

About

blog.powerupcloud.com/share-files-securely-over-internet-using-aws-cognito-and-s3-126811991d23

Topics

aws s3 cognito private adfs filesharing

Resources

Readme
Activity

Stars

4 stars

Watchers

3 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages