0

I'm using S3 to host my user's documents. My s3 bucket is not publically accessible. So my current implementation for that is,

  • When the user presses download, make an API call from my application to S3 and get the file to /tmp/ on my server.
  • Send the file from /tmp/ to the user's client as a browser download.

There is also a way to avoid saving to the server and directly sending the file to the client according to this question.

Which is the best practice? What are the disadvantages of sending a file object directly to the user?

Claudia
  • 163
  • 1
  • 11
  • I would suggest allowing the user to download directly, reducing load on your web server for static content. You can enforce authorisation for the download without needing to proxy it. – w08r Jan 09 '20 at 11:57

1 Answers1

2

Rather than make an API call to downloads the file locally, just generate a presigned url and return a redirect to that url instead.

Ngenator
  • 10,909
  • 4
  • 41
  • 46