AWS EC2 and S3 advice

Question

I'm new to AWS but I already like it alot.

We're creating a new CMS for our interactive applications and I'm doing some POC-work.

Short explanation of the system: Each customer has an account. This account has one or more users. Each account will be able to create and edit something that we call stations (it's basically an interactive appliation). Theese stations will hold different data which can be text, images and videos. The data will be synchronized to a set of computers once a day.

In the current solution we have one VPS per customer and to synchronize videos and images we use rsync. This is set up manually, but now we'd like to scale things up by using EC2 and S3 in a multi-tenancy solution.

My initial thoughs is to create one folder per station and then create and connect an IAM user to each user account in our application. How would you solve the synchronization part?

Another question I have is about whats best practice when it comes to fetching files from S3. All the uploaded media should be protected behind authentication. Would it be ok to authenticate the user and then fetch the file with the API on the EC2 instance or should we solve it in another way?

Answer 1

Both of these problems are easy to solve.

You don't need to worry about synchronization. Simply upload all of your content to S3 and serve it directly from S3. How you organzie the files is up to you, ultimately your application will track which object belongs to which customer.

If you need to protect the file, you can set it as private on S3, and serve it with a signed URL.

You can also combine cloud front with s3 for better delivery. Although you will get less benefit if you are using signed URL's