Answer the question
In order to leave comments, you need to log in
F
F
Fedot Krusenstern2021-07-13 19:05:49
Fedot Krusenstern, 2021-07-13 19:05:49
How to organize and implement limited access to s3 files?
There is an application consisting of services:
- S3 storage with images and videos
- backend implementing users (authorization, roles, etc.)
- ...
Requirements:
- open source solution
- the end user should not see the original repository link
- link must be single use
- some files may only be visible to some user roles
The second and third points of requirements are a dark forest for me.
The fourth, probably, does not make sense, because you just need to check the user's role on the backend and not pass the link.
UPD:
While waiting for an answer, I found something similar to what you need https://www.nginx.com/blog/securing-urls-secure-li...
3 answer(s)
@CloudC
@2ord
Well, write a backend, implement access to S3 and open the code. What is the problem?
Link generation with access: S3 presigned URL
Access rights are controlled by the application itself. There are plenty of articles on the internet on how to do this.
To generate a one-time link
, the Storage can be visible to everyone, and access to the files is only for whom the link is generated.
Let's say you need to distribute 1 file to 10 people. 10 people will have 10 different links pointing to the same file in S3 storage.
If you do not want expensive AWS S3, then take a compatible MinIO solution that you can install on your own facilities and manage yourself.
@jenki
If everything is generalized and expanded to future possible Wishlist, then a small wordpress project emerges. There and authorization, and authentication, and what else will come out to the heap. WP Diskbox works with S3 and CloudFront. I think plugins for generating one-time links to be not in a single instance.
F
Fedot Kruzenshtern, 2021-07-16 @CloudC
It turns out that I needed the secure link module in nginx. In the blog there is an article with specific examples and an example for generating a link to node.js.
https://www.nginx.com/blog/securing-urls-secure-li...
R
Roman Mirilaczvili, 2021-07-13 @2ord
1. open source solution
Well, write a backend, implement access to S3 and open the code. What is the problem?
Link generation with access: S3 presigned URL
Access rights are controlled by the application itself. There are plenty of articles on the internet on how to do this.
To generate a one-time link
, the Storage can be visible to everyone, and access to the files is only for whom the link is generated.
Let's say you need to distribute 1 file to 10 people. 10 people will have 10 different links pointing to the same file in S3 storage.
If you do not want expensive AWS S3, then take a compatible MinIO solution that you can install on your own facilities and manage yourself.
S
Stanislav Bodrov, 2021-07-13 @jenki
open source solutionIt could be a Lambda you wrote.
the end user should not see the original repository linkCloudFront is required, the more you give a lot and a lot of static. Customizes and marries with a touch-in bucket.
link must be single useIt could be a Lambda you wrote plus an Edge service.
some files may only be visible to some user rolesS3 supports a role-based (if I may say so) model of data access, only here you will get tired of resolving all this even with Lambda for a couple.
If everything is generalized and expanded to future possible Wishlist, then a small wordpress project emerges. There and authorization, and authentication, and what else will come out to the heap. WP Diskbox works with S3 and CloudFront. I think plugins for generating one-time links to be not in a single instance.
Similar questions
D
E
H
A
G
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question