I'm trying to get a static website hosted in AWS S3 to be the only way to download/view files from another S3 bucket.

Is this possible?

I've implemented a solution with a custom nodejs backend to do the validation and send the file to the front-end but I think this would be more expensive in the long run.

Johhan Santana
  • I believe you'll have to create an access key (https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). Seeing as you have a Node JS backend, you'll have to use the AWS Node.js API to retrieve the file from AWS within your backend (https://stackoverflow.com/questions/16799956/javascript-to-download-a-file-from-amazon-s3-bucket). Then you can forward the file to the client from there. – Alexander Guyer Jan 07 '21 at 21:38
  • @Nerdizzle that's what I currently have but it feels like a workaround. Is there no other way to do this? I'm guessing using lambda as well but still, it feels like a workaround. – Johhan Santana Jan 07 '21 at 21:52
  • It isn't a workaround; it's the most conventional way to solve this problem. If you want to allow the clients to directly download the files from S3 rather than going through your own central backend, then you would *have* to make the bucket public so that anyone can download it from anywhere, which is exactly the opposite of what you want. If you want it to only be accessible through your website, then you must centralize the access (i.e. to a backend) and restrict the access to that central system. @LetMyPeopleCode mentioned temporary URLs, but I highly doubt that's your intended solution. – Alexander Guyer Jan 07 '21 at 22:16
  • Although I suppose temporary URLs *could* be slightly useful in this scenario, *depending* on the reason as to why you don't want to use a server in the middle in the first place, and why you want to restrict access to public static content in the first place. If you're just trying to save yourself time on writing a backend, then temporary URLs won't help you. If you just want to keep track of certain custom metrics that S3 doesn't do by default, then forwarding through a server or using temporary URLs will both solve your problem, each with their own tradeoffs. – Alexander Guyer Jan 07 '21 at 22:23
  • Oh yeah. The presigning of urls could be the way to go so I don't have to serve the files from the server and use more bandwidth. That seems like the way to go. Thank you. – Johhan Santana Jan 07 '21 at 22:47
  • Bandwidth was one of the tradeoffs I was referring to. If the content is relatively small, latency could also be an issue, which is the other end of the tradeoff. With temporary URLs, the flow is as follows: client -> backend -> aws -> backend -> client -> aws -> client (a client/backend round trip, backend/aws round trip, and client/aws round trip). With forwarding, the flow is as follows: client -> backend -> aws -> backend -> client (a client/backend round trip, and a backend/aws round trip). Forwarding thus saves you a round trip between client and aws, reducing latency. – Alexander Guyer Jan 08 '21 at 00:44
  • Good point. I guess they are both acceptable ways of handling this situation depending on preference (latency vs bandwidth (I guess)) – Johhan Santana Jan 08 '21 at 14:30
  • @Nerdizzle so found this https://stackoverflow.com/a/53952138/3632722 I think there isn't really another roundtrip assuming this is correct? – Johhan Santana Jan 08 '21 at 16:29
  • That seems to be the case, so I more or less stand corrected. That being said, if your backend is hosted on AWS (and in the same region as the S3 storage bucket), there is likely to be a guaranteed lower latency between your backend and S3 than between the client and S3. This obviously only applies if your backend is hosted on AWS or is otherwise guaranteed to have a relatively low latency round trip to S3. In such a case, it'd likely be smarter to **measure** latency and bandwidth and **decide** which solution is appropriate for you in an informed way. – Alexander Guyer Jan 08 '21 at 17:20

1 Answer

You can use the AWS SDK for Node to create an S3 pre-signed URL that makes the item available at that link temporarily... few seconds, few minutes. Every time you do it, you get a new unique URL that expires.

APIDoc: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#getSignedUrl-property

LetMyPeopleCode