📦 Salesforce → Amazon S3 File Upload (SDK-Based)

⚠️ Archived for Security Reasons — This repo is no longer maintained and is kept public for reference only.

🛑 Why This Is Archived

This project demonstrates a Salesforce solution for uploading files directly to Amazon S3 using the AWS JavaScript SDK.
While functional, this approach requires exposing your AWS Access & Secret Keys in the front end in order for the SDK to work.

That means:

• 🔓 Your AWS credentials can be visible to anyone with access to the browser’s network tools.
• 💳 This creates the potential for unauthorized access to your S3 bucket.
• 🚫 Not safe for public-facing apps or production environments where security is critical.

🛠️ Intended Use

• ✅ Internal tools or trusted environments where users are authorized and the risk is low.
• ❌ Never use this method in public portals, untrusted environments, or where sensitive data is involved.

🔍 Why Keep It Public?

I’ve made this repo public so others can:

• 📖 Learn how S3 uploads can work from Salesforce using the SDK.
• 🔍 Inspect and adapt the code for secure, internal workflows.
• ⚠️ Understand the risks before deciding on an architecture.

🔐 Recommended Alternatives

If you need a secure approach for S3 uploads from Salesforce:

1. 🖥️ Generate Pre-Signed URLs on the server side (e.g., Apex, Lambda, API).
2. 🛡️ Store your AWS credentials securely — never in client-side code.
3. 🔄 Use temporary credentials via AWS STS for short-lived access.

---

⚡ Use at your own risk — The code works, but security should always come first.

Salesforce Files to Amazon S3

Deploy via sfdx

Setup

1. Create New Bucket in S3

Choose the appropriate region for you:

Make sure ACLs disabled is true

Block all public access is true

Once created, navigate to your new created bucket. Go to the permissions tab and copy the below code into the 'Cross-origin resource sharing (CORS)' settings (Be sure to add your salesforce domain in AllowedOrigins (EG https://reidsdevorg2-dev-ed.lightning.force.com)):

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "HEAD",
            "POST",
            "PUT",
            "DELETE"
        ],
        "AllowedOrigins": [
            "YOUR SALESFORCE DOMAIN HERE",
        ],
        "ExposeHeaders": [
            "Access-Control-Allow-Origin"
        ]
    }
]

In the search bar navigate to IAM. Select 'Users' on the left side of the menu. Select 'Add users'.

Name your user (recommend putting salesforce in the name) and select 'Access key - Programmatic access' for the credential type.

Select 'Next: Permissions' and 'Attach existing policies directly', search for 'AmazonS3FullAccess' and check that policy. Select 'Next: Tags', Select 'Create user'.

Warning BE SURE TO COPY THE ACCESS KEY ID AND THE SECRET ACCESS KEY BEFORE CLOSING THIS PAGE.

2. Custom Metadata Configuration

In Salesforce, Setup > Custom Code > Custom Metadata Types > Amazon S3 Select 'Manage Amazon S3's' Create a new Amazon_S3__mdt record named Amazon_S3_Integration

Fill out the information in the record from S3. Create a Bucket for sandbox testing, just be sure put 'sandbox' in the name to differenciate.

Navigate to Lightning page and search 'Amazon s3 Files', drag component to page and configure as needed.

2022-11-02.15-49-11.mov

Coded while petting 😸 and listening to 🧃🌎