Reputation: 8730
In my app, users upload images and I add a watermark to them. Both are stored in different folders.
I want the original images to be shown only to the users who uploaded them and to be private to others.
Put simply: public for the owner who uploaded it and private for the rest. I can't find any relevant bucket policy for it.
Can we do something like this?
Upvotes: 0
Views: 70
Reputation: 59966
If the data belongs to a specific user, for me the rule of thumb is to keep the data private.
Never keep user data public in S3. A single script can find the pattern of the object names, and then anyone can access anybody's image data.
If the images are some sort of assets, then it's fine to make them public, but the rule of thumb is: "User data in S3 should be private".
Here is a guideline on how to secure data in S3; you should also read the user data policy or declare a user policy for your app.
I want the original images to be shown only to the users who uploaded them and to be private to others.
The best option is a presigned URL: generate a presigned URL for access to an object. You can set a time limit too, which means that after that time the URL expires and no longer works.
Here is the flow diagram.
You can read this slide.
amazon-s3-bucket-file-download-through-presigned-timebound-urls
Save the object in such a way that its name contains user metadata, or the object carries metadata about the user; save the file name in the DB; when a user makes a request, cross-check the metadata and generate a presigned URL.
Upvotes: 1