Screenshot System - Share Screenshots Instantly Over AWS S3

This Guide

Over the years I have come to rely on sharing screenshots I take as I work. This guide will allow you to create a screenshot URL that is immediately usable based around a secure Amazon S3 storage bucket for a few dollars a month. I am using a Linux FTP server (LAN access only!) which accepts uploads from my Windows machines using a Windows application to take the screenshot, upload it, and then copy a usable URL to the copy/paste buffer. I can then share the web link with whoever/whatever.


Software/Servers

  • "PicPick" running on the MS Windows client machine(s). > https://picpick.app/en/download < This was chosen because: #1 It's free and #2 it has basic FTP and external command support.
  • A Linux FTP server. (Linux: vsftpd, proftpd - etc) I use vsftpd. Linux is needed as we will be mounting an S3 bucket using "fuse.s3fs". I suppose this could be done under Windows but what's the name of my site? ;-)

Services

  • Amazon Web Services (AWS) Account
  • Minimum AWS services needed: CloudFront + S3 (CDN + STORAGE & WEB SERVICE)
  • AWS Optional but recommended: "Route53" for DNS. "Certificate Manager" for SSL (SSL is free - use it.)
  • A unique DNS "CNAME" addition to define your bucket within your domain for URL calls. This is very important if you wish the URL link to show as your domain and not an AWS S3 link.
  • If you want SSL on your S3 links, you will need a legitimate SSL certificate. You must use the free AWS "certificate manager" SSL (or import your current SSL into AWS Cert Store). Since you are using CloudFront you should have this option available for 'free'.
  • I also use AWS Route53 (DNS) as well (USD $0.50 cents per domain as of Jan2018). This is optional, but if using AWS anyway, you may want to consider it.
  • (Optional) I also create an alarm under AWS billing. You can set it to notify you if your billing goes over a certain amount.

Disclaimer & Examples

All examples in this guide use the subdomain.domain.tld:

screenshots.mydomain.org

DISCLAIMER:
Screenshots using this system default to being world-readable on Amazon S3. That means anyone could potentially see them. If you upload something sensitive (like a password), you are being stupid.
Main point: Don't blame me if you upload a screenshot of your bank password. Be careful when taking screenshots and double check them before sharing. You were warned!




1: AWS Setup

S3 bucket:

You MUST MATCH the "subdomain.domain.tld" used on both URL and bucket name.

Therefore if we use the example domain, the S3 bucket name created would be:
screenshots.mydomain.org

  • Once created, pick 'properties' tab. ENABLE "Static Web-hosting"
  • Use "index.html" as Index document.
  • Record/copy the 'endpoint' shown.
  • Add a blank 'index.html' file to this bucket.
  • (Optional) Setup the time to retain files (your screenshots). You can reduce your bill by having AWS move older stuff to "AWS Glacier". Mine all move when they are 6 months or older.

Note: In this case "screenshots" will be CNAMED to your CloudFront endpoint under your providers DNS. (See below: DNS.)


Certificate Manager (recommended, but optional):

  • Select "Certificate Manager" under AWS console.
  • Create a new certificate that covers:
mydomain.org
*.mydomain.org

You could use "screenshots.mydomain.org", but AWS *does* support wildcard certificates, so you should use one.


CloudFront:

  • Select CloudFront under AWS. Pick "Web" - "get started"
  • Origin Domain Name: Your S3 endpoint recorded above. (Using our example: "screenshots.mydomain.org.s3.amazonaws.com".)
  • AWS should auto-populate this as a drop-down selection, but it doesn't always show up right away.
  • Minimum TTL: 5mins
  • Price Class: Pick one. If you do not have your links clicked much - the price is negligible for best performance one (all edge locations).
  • Save. You should now see a Domain Name like "abc1abc1abc.cloudfront.net". Record/Save this name for DNS entry later.
  • Now click Edit.
  • If you are using a Certificate Manager SSL certificate (above), you need to enter it now. (Pick "Custom SSL", you should see your new certificate in drop-down box - pick it).
  • I also use: SNI, TLSv1.1 (recommeneded), HTTP/2, Logging off, IP6 left enabled

IAM:

  • Create the AWS IAM "identity" that will be used for mounting/writing to S3.
  • Load "IAM" on AWS console page. Create a new user with "AmazonS3FullAccess" Permission.
  • You will need to record the access key ID and the secret access KEY -> NOW!! These are used below as MYIDENTITY and MYCREDENTIAL, respectively. SAVE these in safe place/text file!!

2: DNS setup

Just log into your current DNS provider. I ended up moving my DNS provider from NameCheap (domain registrar) to AWS Route53.

  • Add a CNAME record that points to the given CloudFront Domain you created.

DNS Example:

CNAME entry: "screenshots"
VALUE/HOST: abc1abc1abc.cloudfront.net

3: FTP Server Setup and S3 Mount Point

  • Install Linux FTP server.
  • IMPORTANT: Create and record the FTP user name and password you are going to use. Mine is 'screenshotuploads' as username.
  • IMPORTANT: Set the FTP upload user default login location to the same area you are creating your S3 mount point.
  • In this example, the FTP login would drop the FTP upload user into "/mnt/s3/screenshots.mydomain.org/" - keep this in mind while setting up the FTP upload user.

  • Basic set up of FTP servers is beyond scope of this article. I use VSFTP.
  • Finally, create the mount point for S3FS (which is also the upload location for FTP upload user).

I am using /mnt/s3/screenshots.mydomain.org and Ubuntu/Debian package management (APT) in this example:

sudo apt install s3fs
sudo mkdir -p /mnt/s3/screenshots.mydomain.org

You should use your own "AccessID:SecretKEY" in place of MYIDENTITY:MYCREDENTIAL. You recorded this from the IAM section:

sudo echo MYIDENTITY:MYCREDENTIAL > /etc/.passwd-s3fs
sudo chmod 600  /etc/.passwd-s3fs
sudo s3fs screenshots.mydomain.org /mnt/s3/screenshots.mydomain.org -o passwd_file=/etc/.passwd-s3fs

4: Client / Screenshot App setup

  • Install PicPik app on the Windows client

PicPick Options: FTP

  • "FTP Server:" (The IP of your FTP server is fine here.)
  • "Port:" 21
  • "Remote Path:" (Leave blank if you used my ftp user configuration - it should default to S3 mount point on login - otherwise define S3 mount point here)
  • "Use Passive FTP" (Unchecked in my case - direct LAN ftp server - I do not need passive connections on the small FTP server)
  • "User Name:" (You should have this saved somewhere from the FTP setup)
  • "Password:" (You should have this saved somewhere from the FTP setup)
  • "Open URL in Web": (Unchecked)
  • "Copy URL to Clipboard": (Checked if you want to paste it immediately!!)
  • "URL": Obviously, this is important as it needs to match your URL you are creating.
    In our case:

    https://screenshots.mydomain.org/


PicPick Options: File Name

  • I use "%w-%y-%m-%d_%h%n%s" - there is a table describing the tokens I used.

If you use the filename tokens above, the final URL will save as:

(https://) screenshots.mydomain.org/somehost-2018-07-31_120001.jpg

If you have the FTP server setup, go ahead and try a TEST under PicPick. If no error you are probably okay.

If that works, you can immediately paste the link somewhere. Try pasting to a web browser or to a friend in Skype. Test the URL. If everything is working it should load the screenshot quickly for everyone.


5: Final settings:

You need to permanently add the mount point (so it works across reboots). You must add it to "/etc/fstab".

Example "/etc/fstab" entry:

screenshots.mydomain.org /mnt/s3/screenshots.mydomain.org fuse.s3fs _netdev,allow_other,passwd_file=/etc/.passwd-s3fs,default_acl=public-read 0 0

    FTSAB Options Used:
  • _netdev = only mount after network is up.
  • allow_other = create the mount point with proper read permissions for 'all'/public.
  • passwd_file = Location of user or system password file to access S3 bucket.
  • default_acl = Permission setting for the AWS/S3 side. (Read-Only in this case)
  • uid | gid = (Not used in example) Mount the filesystem as a specific system user and/or group (meaning as non-root user - ROOT is default)
  • 0 0 = No dumps and no filesystem checks

Good luck. Feel free to contact me if you have any questions.