Reputation: 35
Control access to AWS S3 files from my application
I'm working on an application and we'd like to host our users' files to AWS S3.
Initial thinking is to create a new bucket for every new user (bucket name could be the user's unique code). How can we control access to the user's bucket files using for example his username or email ? S3 provides different levels of access based on a AWS accounts.
We need to make sure that the authenticated user have access to only his bucket files. What would be the best way to achieve this kind of scenario (with S3 or a similar service) and prevent anyone with the right url to access other users files ?
Upvotes: 3
Views: 406
Answers (1)
Reputation: 2475
It sounds as though what you're looking to do can be done with S3 pre-signed urls.
This would require you to:
- Set bucket/file ACL to
private, which will prevent anyone with "the right url" from accessing the files. - Allow your application to generate short-term links to files, which your users will then be able to use for access.
Instead of directing your user directly to the file being requested the workflow would be something like the following:
- Direct your user to a route in your application which validates their right to access the desired file.
- Once the user has been authenticated, generated a pre-signed URL for the file requested,
- Return a 302 redirect to that pre-signed URL
Upvotes: 4
Related Questions
- Make Amazon S3 files available only to logged in users
- AWS: Does my S3 bucket need a policy for files to be readable from my application?
- AccessDenied application using S3 in AWS EC2 Instance
- AWS S3 Access Policy - Restricting Folder Access
- Deny access to AWS S3 files for everyone but the application user
- Accessing private S3 content only from my application
- Only permit authenticated access to S3 files
- How to give access to s3 files to authenticated web site users
- How to securely access a file in the application using s3 bucket URL
- Restricting amazon s3 access for a web application?