My application requires external users who do not have access to aws to upload to a private S3 bucket.My requirement is to provide the users some kind of interface from where they can upload to a private S3 bucket.
The Users also need to have he application that allows for upload of files is integrated with AzureAD.
que1 - Can we do this OIDC integration directly on S3 ? que2 - How can I achieve this upload to private S3 bucket without giving access to aws account.(can aws presigned url be generated from aws console or any other way to achieve this)
Yes you can create a presigned url via the AWS Console, SDKs, CLi and more AWS S3 presigned URL
You cannot integrate OIDC directly with S3. This can be achieved by using AWS Cognito. Depending on the configuration, your users will be receiving temporary STS credentials to upload to S3 (there are a few steps happening in the background of exchanging the various tokens..). AWS Cognito OIDC integration
There are many combinations available and you can even combine both. E.g. an AWS API Gateway integrated with AWS Cognito, triggering a lambda function which generates the presigned url and presents it to your user.
Or you can skip the presigning part and directly allow the upload via a POST Method and a lambda to S3. Maximum payload to API gateway is 10 MB and maximum payload for Lambda is 6 MB.
How to reference Cognito in a sample bucket policy S3 bucket policy for Cognito