Miguel

Reputation: 586

Download file redirecting from Amazon S3 to Client

I'm a novice with Amazon S3 and I would like to build a solution that may not exist.

I have to build a web application (Java or PHP backend) where the user logs in and downloads files. The web server (Tomcat or Apache) validates the user and allows the download from Amazon S3. When I worked with a CMS, the files were small and there were few requests. So, the flow was:

Client (User) > Server (user validation) > CMS (get file) > Server > Client (User)

Now, the files are bigger and I would like to get the next flow:

Client (User) > Server (user validation) > Amazon S3 > Client (User)

My goal is to improve the performance of my server and avoid the excess traffic of files when the user gets one. Is it possible?

My first approach (not implemented yet!) is a sendredirect from my server to Amazon S3:

User requests /file1 => Server "translates" /file1 to /company.s3.amazon/mybucket/file1.pdf and does the sendredirect to Amazon S3 link.

With this approach I think I can't validate IAM user (I don't use any API) but I also think I can protect the content with a Bucket Policy filtering by server IP address.

Thanks.

Upvotes: 0

Views: 3123

Answers (1)

John Rotenstein

Reputation: 269340

I would recommend using a Pre-Signed URL, which is a way of providing temporary access to private objects that are stored in Amazon S3.

The pre-signed URL consists of:

  • The file URL
  • An Access Key associated with a user that has permissions to GET the file
  • An expiration timestamp
  • A hashed signature based on the authorised user's Secret Key (which is matched with their Access Key)

The pre-signed URL can be generated from a few lines of code and is only evaluated when the GET request is sent to Amazon S3.

When your application (on the server) determines that the user is entitled to access the file, it can generate the pre-signed URL and return it as part of a web page (eg in a hyperlink). When the user clicks the link, the file will be served directly out of S3. After the expiry period, the URL will no longer provide access to the file.

Upvotes: 3
