简体繁体 English

AWS S3上载或EC2上载以处理权限

[英]AWS S3 upload or EC2 upload to handle permissions

原文 2014-01-21 13:21:53 8 1 c#/ amazon-web-services/ amazon-s3/ amazon-ec2/ cassandra

I'm trying to find out what is the best storage service for my specific problem. 我试图找出最适合我特定问题的存储服务。

The Application 应用程序

I'm developing a mobile app with Xamarin (.NET). 我正在使用Xamarin（.NET）开发移动应用程序。 Each user has to register and log in to use my service. 每个用户都必须注册并登录才能使用我的服务。 Each user can be in several Groups where he hast the permission to store files in (each file about 200kb). 每个用户可以位于几个组中，在这些组中，他有权存储文件（每个文件大约200kb）。 My Backend is a EC2 instance hosting Cassandra as my database. 我的后端是一个托管Cassandra作为我的数据库的EC2实例。

The Problems 问题所在

I think about using AWS S3 for storing the files. 我考虑使用AWS S3来存储文件。

Question #1: Should i directly upload to S3 or should i upload to EC2, handle the permissions and then store it in S3. 问题1：我应该直接上传到S3还是应该上传到EC2，请处理权限，然后将其存储在S3中。 When using direct upload to S3, i have the advantage of much less bandwith used on my EC2 instance. 使用直接上传到S3时，我的优势是EC2实例上使用的带宽更少。 For direct uploading i have to provide a Token Vending Machine, which has two modes for providing the credentials i need to interact with S3: anonymous and identity. 对于直接上传，我必须提供一个令牌自动售货机，该机有两种提供与S3交互所需的凭据的模式：匿名和身份。 As i read the anonymous approach is mostly user for read-only scenarios. 在我阅读本文时，匿名方法主要是只读场景的用户。 But for the identity approach the user has to register in a browser windows, which is absolutely nothing that i want for my users. 但是对于身份验证方法，用户必须在浏览器窗口中注册，这绝对不是我想要的用户。

The application initiates communication with the TVM by bringing up a browser on the mobile device to enable the user to register a user name and password with the TVM. 该应用程序通过在移动设备上启动浏览器来启动与TVM的通信，以使用户能够向TVM注册用户名和密码。 The TVM derives a secret key from the password. TVM从密码中得出一个秘密密钥。 The TVM stores the user name and secret key for future reference. TVM存储用户名和密钥以供将来参考。

Is it even possible to handle the permissions i need(each user can only upload and download files to groups which he belongs to)only with assigning AWS permissions to the TVM credentials? 甚至可以通过分配TVM凭证的AWS权限来处理我需要的权限（每个用户只能将文件上传和下载到他所属的组）？

Question #2: Should i maybe consider storing each file directly in cassandra, since every file is only about 200kb? 问题2：由于每个文件只有大约200kb，我是否应该考虑将每个文件直接存储在cassandra中？ Problem here is, that the same files could be accessed several times per second. 这里的问题是，同一文件每秒可能被访问几次。

1 个解决方案

I would use S3. 我会用S3。 That way you don't have to worry about bandwidth and permissions on the file. 这样，您不必担心文件的带宽和权限。 You do have interact with the Amazon S3 and IAM Service (Their authorization service). 您确实与Amazon S3和IAM服务（其授权服务）进行了交互。 You can do this through the API and your language of choice (Python, Ruby, Java, etc) 您可以通过API和您选择的语言（Python，Ruby，Java等）进行操作

If you are concerned about being tied to Amazon you can potentially setup something like OpenStack Storage (compatible with the S3 API) in your own datacenter and move your data to it. 如果您担心与Amazon捆绑在一起，则可以在自己的数据中心中设置诸如OpenStack Storage（与S3 API兼容）之类的内容，然后将数据移至其中。 The files would still be handled by your initial application since your code would be "S3 compatible" 这些文件仍将由您的初始应用程序处理，因为您的代码将是“ S3兼容的”