1

I have an ec2 instance running a flask website, and I want to get a certain image from s3 only if a certain user is logged into the site and display it on the homepage. The image can be downloaded with cli tools on the ec2 instance, but I don't want to save it to the harddrive. I want to keep the direct link to the object in s3 private.

Basically, can I do something like what this user is doing, but instead pass the file into the template and display it?

jaredad7
  • 998
  • 2
  • 11
  • 33
  • https://stackoverflow.com/questions/54655279/how-do-web-applications-typically-interact-with-amazon-s3 – Vikyol Aug 21 '19 at 19:48
  • What if I don't want users to be able to share presigned urls with each other? – jaredad7 Aug 21 '19 at 19:55
  • Users don't share anything. If you want a user to access an image in S3, you generate a pre-signed URL in your app and display that link in your app so the user can see/download it. – Vikyol Aug 21 '19 at 20:00
  • Right, my concern is that a user can simply copy that presigned url from the page source or by right-clicking and choosing "copy image address" and email it to his buddy. Or am I misunderstanding something? – jaredad7 Aug 21 '19 at 20:05

1 Answers1

1

CloudFront signed cookies can be used to serve private content. It is possible to prevent misuse of cookies by:

  • Encrypting the cookie
  • Using a custom policy and including the IP address of the viewer.
  • Specifying the shortest reasonable expiration time based on how long you want users to have access to your content.

Don't forget to create an Origin Access Identity (OAI) to give necessary permissions to Cloudfront to access the bucket.

Vikyol
  • 5,051
  • 23
  • 24