devman

Reputation: 701

WooCommerce digital goods on AWS S3

I want to host my digital downloads on AWS S3. There seems to be no easy way to do this. I have googled a LOT. There are 2 plugins, one paid and one not supporting v4.

I think my last resort is somehow taking v4 signing from the SDK and putting it on top of the "not working" one, but I don't know how easy that will be (or if I'm able to do it at all).

Is there a way to configure my S3 bucket to be linkable, but not browsable, so that I can put the pre-signed URLs into my WooCommerce and it works just like that? I find the S3 (or AWS in general) documentation REALLY confusing. I just want to host my files on S3 and sell them with WooCommerce. It seems like a really trivial task to me, but it seems overwhelmingly difficult. What easy way is there? Do I have to implement v4 signing myself? If so, where can I find an easy explanation on how to do it?

Thanks :)

Upvotes: 0

Views: 740

Answers (2)

John Rotenstein

Reputation: 270224

It would be unwise to always use the same URL for your products.

Once somebody purchases your product and you provide a link, they could theoretically Tweet the link and anybody would then be allowed to download it.

The normal usage of a pre-signed URL is:

  • Your application determines whether a user is entitled to access the object in Amazon S3
  • Your application generates a pre-signed URL (can be done via a few lines of code, or via the AWS Command-Line Interface (CLI) aws s3 presign command)
  • Your application provides the pre-signed URL to the user
  • The user has a limited time period within which they can use the URL to download the item

Your design, however, uses a single pre-signed URL (presumably with a far-future expiration time), which does not make it as safe.

Similarly, your idea of making bucket contents public but not listable is "security by obscurity", which is not a good option.

Bottom line: Try to use custom-generated pre-signed URLs to provide time-limited access to private content in Amazon S3.

See: Amazon S3 Pre-Signed URL in PHP

Upvotes: 1
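
The pre-signed URL flow described in the answer above, as an added example that is not part of the original answer or of any plugin: standard-library PHP for SigV4 query-string signing of an S3 GET, with the entitlement check done before any URL is minted. The function names, the `$ownsProduct` flag and the `$cfg` keys are assumptions; it assumes a long-term IAM access key (no session token), a bucket name without dots, and an object key without a leading slash.

```php
<?php
// Added example: SigV4 query-string presigning for an S3 GET, no SDK required.
// All names and the 15-minute default lifetime are assumptions for illustration.
function s3_presign_get(string $accessKey, string $secretKey, string $region,
                        string $bucket, string $key, int $ttl = 900, ?int $now = null): string
{
    if ($ttl < 1 || $ttl > 604800) {           // SigV4 presigned URLs are capped at 7 days
        throw new InvalidArgumentException('ttl must be 1..604800 seconds');
    }
    $now     = $now ?? time();
    $amzDate = gmdate('Ymd\THis\Z', $now);
    $day     = gmdate('Ymd', $now);
    $scope   = "$day/$region/s3/aws4_request";
    $host    = "$bucket.s3.$region.amazonaws.com";
    // Percent-encode each path segment but keep the slashes between them.
    $path    = '/' . implode('/', array_map('rawurlencode', explode('/', $key)));
    $params  = [
        'X-Amz-Algorithm'     => 'AWS4-HMAC-SHA256',
        'X-Amz-Credential'    => "$accessKey/$scope",
        'X-Amz-Date'          => $amzDate,
        'X-Amz-Expires'       => (string) $ttl,
        'X-Amz-SignedHeaders' => 'host',
    ];
    ksort($params);                            // canonical query string is sorted by name
    $query     = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    $canonical = implode("\n", ['GET', $path, $query, "host:$host", '', 'host', 'UNSIGNED-PAYLOAD']);
    $toSign    = implode("\n", ['AWS4-HMAC-SHA256', $amzDate, $scope, hash('sha256', $canonical)]);
    // Derive the signing key: date -> region -> service -> "aws4_request".
    $k = 'AWS4' . $secretKey;
    foreach ([$day, $region, 's3', 'aws4_request'] as $part) {
        $k = hash_hmac('sha256', $part, $k, true);
    }
    return "https://$host$path?$query&X-Amz-Signature=" . hash_hmac('sha256', $toSign, $k);
}

// Entitlement check first, then a short-lived link minted per download request.
function download_link_for(bool $ownsProduct, array $cfg, string $key): ?string
{
    if (!$ownsProduct) {
        return null;                           // no purchase on record: no URL at all
    }
    return s3_presign_get($cfg['access_key'], $cfg['secret_key'], $cfg['region'],
                          $cfg['bucket'], $key);
}

// Constructed placeholder credentials, bucket and object key.
$cfg = ['access_key' => 'AKIDEXAMPLE', 'secret_key' => 'example-secret',
        'region' => 'eu-west-1', 'bucket' => 'example-downloads'];
echo download_link_for(true, $cfg, 'ebooks/my book.pdf'), "\n";
```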

Deepak Singhal

Reputation: 10876

Yes, it is absolutely possible. Just configure the right policy on your S3 bucket (can be set via the AWS console) to NOT allow list but allow GET on the bucket. This is the most common requirement, because we want users to be able to see product images, but NOT the list of all images.

This policy will work:

{
    "Version": "2012-10-17",
    "Id": "Policy1432653608784",
    "Statement": [
        {
            "Sid": "Stmt1432653602777",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<bucket-name>/*"
        }
    ]
}

Let me know if you need more help.

Upvotes: 2
