0

I am using NodeJS to upload a file into my S3 bucket. As a response I receive a link to the file.

For example I receive https://my-bucket-name.s3.ap-south-1.amazonaws.com/testUpload_s.txt

The bucket does not allow public access as of now. How am I supposed to securely access the file from the bucket? I would like to know whether the following method would be safe.

  1. Allow public access for bucket

  2. Each file will be given a random unique name during upload

  3. This file name or the response URL is stored in the database

  4. When the file has to be fetched I use the link received from the upload response to access the file from the bucket

Is this approach safe? If not, is there any other method to do the same?

villoro

2 Answers

1

There are a number of options for giving clients access to an object in S3, including:

  1. make the object public
  2. require the client to authenticate with AWS credentials
  3. give the client a time-limited, pre-signed URL

They each serve a different use case. Use #1 if it's safe for anyone to access the file (for example the file is an image being shown on a public web site). Use #2 if the client has AWS credentials. Use #3 if you don't want to make the file public but the client does not have AWS credentials. Note with #3 that the pre-signed URL is time-limited.

jarmod
  • So if we consider a social platform where users post pictures, is it safe to make the object public and access it with the link or the filename? If not which method has to be adopted in this case? – user12967133 Mar 04 '20 at 12:05
  • Only you can answer this because it depends on the nature of the service you are providing. If users are made aware by the service that the images they post will be made publicly visible then, yes, make them public. If they expect them to be private and only visible to themselves and other users that they explicitly share them with then make them private and share them via pre-signed URL. – jarmod Mar 04 '20 at 14:21
0

You don't need to store the URL. You can query objects in the S3 bucket using the file name.

For access from outside, use a signed URL.

https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/s3-example-presigned-urls.html

Digvijay S