1

Let's say that I want to create a simplistic version of Dropbox' website, where you can sign up and perform operations on files such as upload, download, delete, rename, etc. - pretty much like in this question. I want to use Amazon S3 for the storage of the files. This is all quite easy with the AWS SDK, except for one thing: security.

Obviously user A should not be allowed to access user B's files. I can kind of add "security through obscurity" by handling permissions in my application, but it is not good enough to have public files and rely on that, because then anyone with the right URL could access files that they should not be able to. Therefore I have searched and looked through the AWS documentation for a solution, but I have been unable to find a suitable one. The problem is that everything I could find relates to permissions based on AWS accounts, and it is not appropriate for me to create many thousand IAM users. I considered IAM users, bucket policies, S3 ACLs, pre-signed URLs, etc.

I could indeed solve this by authorizing everything in my application and setting permissions on my bucket so that only my application can access the objects, and then having users download files through my application. However, this would put increased load on my application, where I really want people to download the files directly through Amazon S3 to make use of its scalability.

Is there a way that I can do this? To clarify, I want to give a given user in my application access to only a subset of the objects in Amazon S3, without creating thousands of IAM users, which is not so scalable.

Community
  • 1
  • 1
ba0708
  • 10,180
  • 13
  • 67
  • 99

1 Answers1

1

Have the users download the files with the help of your application, but not through your application.

Provide each link as a link the points to an endpoint of your application. When each request comes in, evaluate whether the user is authorized to download the file. Evaluate this with the user's session data.

If not, return an error response.

If so, pre-sign a download URL for the object, with a very short expiration time (e.g. 5 seconds) and redirect the user's browser with 302 Found and set the signed URL in the Location: response header. As long as the download is started before the signed URL expires, it won't be interrupted if the URL expires while the download is already in progress.

If the connection to your app, and the scheme of the signed URL are both HTTPS, this provides a substantial level of security against any unauthorized download, at very low resource cost.

Michael - sqlbot
  • 169,571
  • 25
  • 353
  • 427
  • In the case of downloading files, this is indeed a good approach. My worry was that having to pre-sign an URL for all operations (upload, download, delete, rename, move, ...) would be overkill and would not be a good approach. However, [another answer by you](http://stackoverflow.com/questions/24896743/aws-s3-presigned-url-limit#answer-24901501) made me realize that the signing is solely done by the AWS SDK, hence why generating loads of pre-signed URLs should not be an issue. Would you agree that the same approach is decent for all of the other operations on the objects? – ba0708 Jul 13 '15 at 13:12