From c1c235510d4ac3d96ceb5631c4b624efc65a273f Mon Sep 17 00:00:00 2001 From: Khalim Conn-Kowlessar Date: Thu, 13 Jul 2023 19:40:48 +0100 Subject: [PATCH] Added some documentation about generating presigned urls --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index e88f017..48ec64a 100644 --- a/README.md +++ b/README.md @@ -112,3 +112,10 @@ the JWT, and avoid the functionality defined in the signIn function as defined i **cypress/figtures/session.json** is a user fixture that is used to log in a user in the login tests **cypress/support/commands.ts** creates a custom login user command which sets a JWT and allows us to actually authenticate. `cy.intercept` only mocks the client side behaviour of the apis and therefore does not set any cookies, do this function does this manually. + +# Generating pre-signed urls + +In our terraform stack, we have a module called `s3_presignable_bucket` which contains the definition for our bucket which we will use to store retrofit plan input csv's in. + +We will generate a pre-signed url and then make a post request to that endpoint to store that data to s3. Part of that process is the creation of an AWS IAM role which contains +the permission set to access the bucket, `rerofit-plan-inputs-`. The name of this IAM role is `s3_presign_role_` and for our NextJS application, as it's hosted outside of AWS (for the moment), we need to generate a set of access credentials to give the application access to this bucket. The access key and secret key are automatically generated and stored in AWS secrets manager under `dev/presign_frontend/access_key` and `dev/presign_frontend/secret_key` and need to be set in the environment for the pre-sign api to store csv data to aws.