Misster Hao

Reputation: 92

AWS S3 folder permission for users

My scenario is as follows:

  1. Every user on my web application has a uuid as primary key.
  2. My web application's users can upload images to their own folder (the folder name is their uuid, e.g.:
     clients/0d75db15-07ad-4800-a5de-1fe82a7bf52e/
     clients/0faf6315-6ba9-478d-aaa5-3cd2bd3b3b6e/
  3. Every user can only access their own folder and the files under that folder.

I know that IAM policies have permissions, but not at folder level or object level.
Are there any solutions for this scenario? Thanks for any suggestions and answers!

Upvotes: 0

Views: 756

Answers (1)

John Rotenstein

Reputation: 269340

Given that your application has 1000+ users, you should not be relying on IAM policies or S3 Bucket policies to manage the security.

Instead, all objects should be kept as private and the application should generate Amazon S3 pre-signed URLs, which grant time-limited access to private objects stored in Amazon S3.

It would work like this:

  • A user logs in to your application
  • When the user requests access to an image, or if the application wants to send them an HTML page that includes images using <img src='xxx'> tags, the application should:
    • Verify that the user is entitled to access the object
    • If so, generate a pre-signed URL that grants temporary access to the object
  • The user's browser then accesses the provided URL
  • Amazon S3 will verify that the pre-signed URL is valid and then provide access to the object

Upvotes: 1
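As an added example (not from the question or the answer above), here is the two-step flow the answer describes: the application first checks that the requested object lies under the caller's own `clients/<uuid>/` prefix, and only then signs a time-limited GET URL. The signing routine spells out the SigV4 query-string signature that an SDK call such as boto3's `generate_presigned_url` performs for you; the bucket name, region, credentials and filenames are constructed placeholders.

```python
import datetime
import hashlib
import hmac
import uuid
from urllib.parse import quote

BUCKET = "example-app-images"   # assumed bucket name (placeholder)
REGION = "us-east-1"            # assumed region (placeholder)
CLIENT_PREFIX = "clients/"      # folder layout from the question


def object_key_for_user(user_id: str, filename: str) -> str:
    """Entitlement check done by the application, not by S3.
    S3 only verifies the signature; it has no idea which user asked, so
    the key must be derived from the authenticated user's own uuid."""
    uid = str(uuid.UUID(user_id))          # canonical form; rejects bad ids
    if "/" in filename or filename in ("", ".", ".."):
        raise PermissionError("filename must be a single path segment")
    return f"{CLIENT_PREFIX}{uid}/{filename}"


def presigned_get_url(key, access_key, secret_key, expires=300, now=None):
    """Pre-signed GET URL: AWS SigV4 in query parameters, host header
    only, UNSIGNED-PAYLOAD. Valid for `expires` seconds after `now`."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    scope = f"{date}/{REGION}/s3/aws4_request"
    host = f"{BUCKET}.s3.{REGION}.amazonaws.com"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }

    def enc(s):                            # RFC 3986 encoding SigV4 expects
        return quote(s, safe="-_.~")

    query = "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(params.items()))
    path = "/" + quote(key, safe="-_.~/")  # encode each key segment
    canonical = "\n".join(["GET", path, query, f"host:{host}\n", "host",
                           "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    k = ("AWS4" + secret_key).encode()     # derive the per-day signing key
    for part in (date, REGION, "s3", "aws4_request"):
        k = hmac.new(k, part.encode(), hashlib.sha256).digest()
    sig = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{path}?{query}&X-Amz-Signature={sig}"
```

Keep `expires` short: anyone holding the URL can fetch the object until it lapses, so the entitlement check must run on every request rather than once at login.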
