多个设备上的AWS S3
[英]AWS S3 on multiple devices
问题描述
Ok, so I am new to AWS. 
好的,所以我是AWS的新手。 I want to make an app that will store a small amount of user data. 我想制作一个将存储少量用户数据的应用程序。 S3 seems to be the way to store data. S3似乎是存储数据的方式。 Is there a way to make multiple storage spaces automatically with S3? 有没有办法用S3自动创建多个存储空间? Lets say I make an android app and people install it on their phone. 可以说我制作了一个android应用,人们将其安装在手机上。 Will they each automatically get an S3 storage space? 他们每个人都会自动获得一个S3存储空间吗? how do I do that? 我怎么做? thanks 谢谢
2 个解决方案
解决方案1
1 2017-10-19 18:20:08
You can create a S3 Bucket to your project with folders (depending on the architecture, can be one for customer). 您可以使用文件夹为您的项目创建一个S3存储桶 (取决于体系结构,可以供客户使用)。 On this way, you will have an instance of the s3 service with all your user data. 这样,您将拥有包含所有用户数据的s3服务实例。
解决方案2
0 2017-10-19 23:20:02
Amazon S3 is simply an object-storage system. Amazon S3只是一个对象存储系统。 How you use it is totally up to you. 您如何使用它完全取决于您。
If you wish to store information on a per user basis, then you need to consider security in addition to how the data is stored. 如果你想存储在每个用户的基础信息,那么你就需要考虑另外的安全的数据存储方式 。
If the intention is that a user can access some information that is private to them (as opposed to being publicly visible to anyone), then you first need to control access to data. 如果意图是用户可以访问一些他们专有的信息(而不是对任何人公开可见),那么您首先需要控制对数据的访问。
- For public information , no authentication is necessary 对于公共信息 ,无需身份验证
- For private information , something needs to determine what they are allowed to access, and then grant access 对于私人信息 ,需要确定允许他们访问什么,然后授予访问权限
You should not give permanent AWS Credentials (Access Key, Secret Key) to every user. 你不应该给予永久AWS凭证(访问密钥,秘密密钥)的每一个用户。 These credentials are only for your IT operations staff (you!) and for your applications. 这些凭据仅适用于您的IT运营人员(您!)和您的应用程序。
This leaves two options: 剩下两个选择:
- Your central server could generate temporary access credentials using the AWS Secure Token Service, while specifying what access rights they have (eg access to a particular S3 bucket and path, or to other AWS services such as DynamoDB). 您的中央服务器可以使用AWS Secure Token Service生成临时访问凭证 ,同时指定其拥有的访问权限(例如,访问特定的S3存储桶和路径,或访问其他AWS服务,例如DynamoDB)。 OR 要么
- Generate pre-signed URLs for specific objects stored in Amazon S3. 为存储在Amazon S3中的特定对象生成预签名URL 。
Based upon your use-case, it seems a better fit to use pre-signed URLs . 根据您的用例,使用预签名的URL似乎更合适。 Basically, the flow is: 基本上,流程是:
- Your app would send a request to your central server, requesting access to an object. 您的应用程序会将请求发送到中央服务器,以请求访问对象。
- The server (or rather, the app you have written that is running on a central server) verifies their identity and confirms that they should be allowed access to the object stored in Amazon S3. 服务器(或更确切地说,您编写的在中央服务器上运行的应用程序)将验证其身份并确认应允许他们访问存储在Amazon S3中的对象。
- The central server then generates a pre-signed URL that grants time-limited access to an object in Amazon S3 and sends the URL back to the client app 然后,中央服务器生成一个预签名的URL ,该URL授予对Amazon S3中的对象的时间限制访问,并将该URL发送回客户端应用程序。
- The client app then uses the URL to retrieve the data from Amazon S3 然后,客户端应用程序使用URL从Amazon S3检索数据。
Only the app running on your central server requires AWS credentials. 只有在中央服务器上运行的应用程序才需要AWS凭证。 It then uses those credentials to generate pre-signed URLs that can be used by the client apps. 然后,它使用这些凭据生成客户端应用程序可以使用的预签名URL。
By the way, the app on the central server doesn't actually need to be running on a server. 顺便说一下,中央服务器上的应用程序实际上不需要在服务器上运行。 You could use AWS API Gateway to send requests to AWS Lambda functions, which can perform the logic and send back the response. 您可以使用AWS API Gateway将请求发送到AWS Lambda函数,该函数可以执行逻辑并发回响应。 This would be a serverless solution, but still with centralized logic. 这将是一个无服务器的解决方案,但仍具有集中式逻辑。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.