Secure AWS S3 file URLs
I have some business-related documents in my platform uploaded by each user and once uploaded, this is stored in the AWS S3 bucket. My requirement is like the user should be able to access this content only by the URLs provided from the application. Right now, I have S3 URLs but this can be used any number of times.
First of all, is this possible in AWS S3? If possible what is the technique? How can we do this?
You'll want to look at securing your bucket so it's only accessible from your application (use an instance role with access to the bucket). Then serve pre-signed URLs.
There are many AWS documents describing how to do this depending on the language. You can review some of those here.
It is possible to generate an S3 link with an expires timestamp.
An example in Python found here:
#!/usr/bin/env python
# Create a time-bombed URL from an S3 object
# Parameters: s3_url [timeout]
# timeout defaults to 1 minute if not specified
# requires the boto module
import re
import sys

# The first argument must be present and start with s3://
try:
    testArg = re.match(r's3://', sys.argv[1])
except IndexError:
    print("usage: " + sys.argv[0] + " s3_object ttl_in_sec")
    sys.exit(1)
if not testArg:
    print("need a valid s3 object as arg")
    sys.exit(1)

# Optional second argument: lifetime of the URL in seconds
try:
    expTime = int(sys.argv[2])
except (IndexError, ValueError):
    expTime = 60

# Split s3://bucket/key into bucket and key; key is empty if there is no "/"
bucket, _, key = re.sub(r'^s3://', '', sys.argv[1]).partition('/')
testKey = re.match(r'\w', key)
if not testKey:
    print("something wrong with this url - I have a key of: " + key + " - bailing")
    sys.exit(1)

from boto.s3.connection import S3Connection

# Credentials come from boto's usual configuration (environment or config file)
s3 = S3Connection()
url = s3.generate_url(expTime, 'GET', bucket=bucket, key=key)
print(url)
would create a link like this one:
https://runascloud-tmp.s3.amazonaws.com/medium/testFile.txt?Signature=6eAuqcwJtpy4RLbIB7LsvTDt7g4%3D&Expires=1569188257&AWSAccessKeyId=AKIAIHPTZ74AMD3GGAMQ
which expires after X time has passed.
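An added example, not part of the original answers: a standard-library model of the legacy Signature Version 2 query-string format seen in the link above (Signature, Expires, AWSAccessKeyId), showing that the expiry is covered by the HMAC and cannot be extended by editing the URL. The credentials, bucket name and the `verify` function are constructed for illustration; the real check runs inside S3.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote, urlsplit

# Constructed placeholder credentials, not real AWS keys.
ACCESS_KEY_ID = "AKIAEXAMPLEKEYID0000"
SECRET_KEY = b"constructed-secret-for-illustration"


def sign(method, resource, expires):
    # SigV2 query-string auth signs verb, empty Content-MD5 and Content-Type,
    # the expiry (epoch seconds) and the canonical resource /bucket/key.
    string_to_sign = "%s\n\n\n%d\n%s" % (method, expires, resource)
    mac = hmac.new(SECRET_KEY, string_to_sign.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def presign(bucket, key, ttl, now=None):
    """Build a GET URL whose signature covers an expiry ttl seconds after now."""
    expires = int(time.time() if now is None else now) + ttl
    path = "/" + quote(key)
    sig = sign("GET", "/" + bucket + path, expires)
    return "https://%s.s3.amazonaws.com%s?Signature=%s&Expires=%d&AWSAccessKeyId=%s" % (
        bucket, path, quote(sig, safe=""), expires, ACCESS_KEY_ID)


def verify(url, method="GET", now=None):
    """Model of the service-side check: recompute the HMAC, then enforce expiry."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["Expires"][0])
        presented = query["Signature"][0]
    except (KeyError, ValueError):
        return "malformed"
    bucket = parts.netloc.split(".", 1)[0]
    expected = sign(method, "/" + bucket + parts.path, expires)
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return "bad-signature"
    if (time.time() if now is None else now) > expires:
        return "expired"
    return "ok"
```

Until the expiry passes, the same URL verifies any number of times for anyone who holds it, so the lifetime should be as short as the download flow allows.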