I want to perform an OTA on a ESP32 device, the firmware is stored in an AWS S3 bucket. The download works when I’ve set the bucket permission to public (uncheck "Block public access"). However I would like to keep my bucket private and still be able to download the binary. For now I’ve root access to the bucket.
How can I do this?
>Solution :
It appears your requirement is to download a private object from Amazon S3 from a device that does not have a set of AWS credentials.
This can be done by using an Amazon S3 pre-signed URL, which is a time-limited URL that provides temporary access to a private object.
The flow would be:
- The ESP32 device would authenticate to a backend
- A backend would verify that the user is authorized to access the object
- It would then generate the Pre-signed URL and provide it to the ESP32 device (somehow)
- The ESP32 device then uses the Pre-signed URL to download the object