Skip to main content
D
Dmitry5DF8
Participating Frequently
February 3, 2021
Question

Amazon S3 and PDF Embed API do not work together

  • February 3, 2021
  • 2 replies
  • 5335 views

Not sure if somebody here can actually help, but PDF Embed API stopped working since I started storing my files in S3. It gives a very plain error:  

 

File preview error. File preview not available, please reload to try again.

 

I think there is some problem with permissions but can't find any help. My files are private, but my website has access to them with IAM role. However, in this case, Amazon probably thinks that it not my website, but Adobe who is calling it and therefore just does not return anything. And Adobe API can't properly handle it to tell the true reason.

Anyone got a solution to this? Or at least a good advice on debugging it?

    This topic has been closed for replies.

    2 replies

    T
    Test Screen Name
    Legend
    February 4, 2021

    I assume you are concerned for the security of your info, but you need to be very careful indeed with this. There is no problem with publicly available S3 files, which just have a public URL.

     

    To access files on S3 that do not have public access means you must, of course, give your S3 credentials - so S3 knows it is you. Your credentials include a public part and a secret part. But this is where the problems start. You can't, thank goodness, put these credentials into a URL - thank goodness because the world would immediately have them! You have choices. You can fetch your S3 file via a private API to S3. Or, you can generate a special URL which has a coded version of the credentials that cannot be faked (though of course the URL can be copied and shared!)

     

    But here's your next problem: you have to include the secret key in your JavaScript code, to either use the API or generate the special URL. Your JavaScript is public, so you would be giving away access to the world again! If you absolutely MUST do this, at least use the Amazon IAM feature to set up an acccount that can read just these files, nothing else - otherwise your Amazon AWS account and all your data can be completely stolen. 

     

    If I were a security auditor I would condemn and, if possible, forbid any of the above. But what are you really trying to protect? Are you trying to do DRM on the cheap? Generally, if you want to serve sensitive data (such as a bank statement) it must be served by a web service with authentication and user passwords.

      Joel Geraci
      Community Expert
      Joel GeraciCommunity Expert
      Community Expert
      February 4, 2021

      Agreed. OP, do not put direct access to S3 in your client-side JavaScript, use some sort of middleware. 

      Joel Geraci
      Community Expert
      Joel GeraciCommunity Expert
      Community Expert
      February 3, 2021

      Have you set up CORS to allow files to be loaded from S3?

      D
      Dmitry5DF8Author
      Participating Frequently
      February 3, 2021

      I did, but I don't have big experience with it, so not sure if it's correct. But not sure if this is enough when my S3 bucket is not public.

      [
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "https://mycustomdomain.com/"
        ],
        "ExposeHeaders": []
    }
]

       

      Joel Geraci
      Community Expert
      Joel GeraciCommunity Expert
      Community Expert
      February 3, 2021

      Ok - Yeah. The bucket needs to be public if you are going to pass the content using a URL. If you want to keep the bucket private, you need to retrieve the file using the S3 API then pass it to Embed API as a Promise that resolves to a ByteArray.

      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices