Keep your S3 bucket private without any compromise within the free limit.
To generate using wrangler
wrangler generate projectname https://github.com/keyute/cloudflare-worker-s3.git
Recommended for single worker deployment or projects with untrusted access to KV. Remove variables defined as secrets from vars
appropriately to avoid conflicts.
Workers KV supports exceptionally high read volumes and allows configuration of multiple workers by binding workers to the same KV.
This cloudflare worker supports using KV, secrets and environment variables. It will first look for secrets and environment variables before looking up KV. Remove any environment variables if you plan to define them in KV.
Add these lines to the bottom of wrangler.toml
and replace empty values as needed.
[env.your_env]
zone_id = ""
route = ""
vars = { "AWS_ACCESS_KEY_ID" = "", "AWS_REGION" = "", "AWS_S3_BUCKET" = "", "AWS_SECRET_ACCESS_KEY" = "" }
# secrets = ["AWS_ACCESS_KEY_ID", "AWS_REGION", "AWS_S3_BUCKET", "AWS_SECRET_ACCESS_KEY"]
# kv_namespaces = [
# { binding = "KV", id = "" }
# ]
These values are required and has no defaults. Any of these values not configured will result in an exception.
Key | Description |
---|---|
AWS_ACCESS_KEY_ID | AWS Access Key of user with permission to access your bucket |
AWS_REGION | AWS region where your bucket is hosted |
AWS_S3_BUCKET | Name of your bucket |
AWS_SECRET_ACCESS_KEY | AWS Secret Key of user with permission to access your bucket |
PRIVATE_KEY (optional) | Your base64 encoded password |
PRIVATE_REGEX (optional) | Regex of your private file paths for verification |
You can add as many environments as you want and publish to these environments respectively.
This cloudflare worker supports signature validation for files that has an expiry date.
Call private files with the parameter token
in your URL with the format <timestamp>_<sha256_signature>
Generate a SHA256 signature with the same PRIVATE_KEY
and the format <path><timestamp>
To publish using wrangler
wrangler publish --env [your_env]