I'd like to know how to get a temporary "access token" to get access to aws S3.
I'm developing a service needs access to S3, but this access has to be authorized by an user. For example:
As a my-service user, I'd like to configure S3 storage provider into my-service. I mean, user wants my-service get access to S3.
From non-aws world, the first thing comes me in mind is to use some mechanism similar to OAuth2, but inside aws world, I don't know how to delegate access to my-service.
I've took a look on STS, but I don't quite figure out how to play correctly with it.
The flow would be:
- Receive events when a new file is created or updated or deleted on S3.
- For each event handle it and get properties...
Currently, I'm only interested on how to delegate authorization to my-service to get file properties, or whichever action once event is received.
Please note I'm asking for programmatic access, not console access.
My myservice is running outside Aws infrastructure.
Any ideas?