
AWS private S3 bucket available from authenticated URL

I am currently using pre-signed URLs/cookies in a private bucket in order to deliver an access URL to a specific user from the front app.

From the front, the user clicks on a button that makes an API call to API Gateway + Lambda to generate the file (or not, if it already exists) and then generates a pre-signed URL valid for 60 seconds.

I would like to do the same thing: giving secured URL access to a file in a private bucket BUT without an expiration delay, because the receiver is no longer a user but an ERP. The filename never changes, only the data in it, and each file can be downloaded from only one ERP.

Is it possible with S3?

It is not possible to do this purely with S3; signed URLs must have a fixed expiry date. This can only extend as far as 7 days away.

If you want to implement this you will need to have a custom application perform this action.

You can set a longer expiry if you use CloudFront, through the `DateLessThan` condition, allowing you to set it far in the future.

Alternatively you could create your own signed secret that you store in a DynamoDB table, with an API Gateway application triggering a Lambda to both validate the signed URL and, if valid, return the body contents of your S3.
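The validation step of the DynamoDB + Lambda approach described in the answer above could look like the following. This is an added example, not code from the original answer: the `TOKENS` dict stands in for the DynamoDB table, and the function names, record fields, and the choice of a random bearer secret (instead of a signature) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Stand-in for the DynamoDB table (assumption): token id -> record.
TOKENS = {}


def issue_token(erp_id, s3_key):
    """Create a non-expiring token bound to one ERP and one object key."""
    token_id = secrets.token_urlsafe(8)
    secret = secrets.token_urlsafe(32)
    TOKENS[token_id] = {
        "erp_id": erp_id,
        "s3_key": s3_key,
        # Store only a hash, so a leaked table does not expose usable secrets.
        "secret_sha256": hashlib.sha256(secret.encode()).hexdigest(),
        "revoked": False,
    }
    # The ERP receives this value once and sends it with every request.
    return f"{token_id}.{secret}"


def revoke(token_id):
    """No expiry means revocation is the only way to cut off a leaked token."""
    if token_id in TOKENS:
        TOKENS[token_id]["revoked"] = True


def authorize(token, requested_key):
    """Return the S3 key the caller may read, or None if the request is refused."""
    token_id, _, secret = token.partition(".")
    record = TOKENS.get(token_id)
    if record is None or record["revoked"]:
        return None
    presented = hashlib.sha256(secret.encode()).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(presented, record["secret_sha256"]):
        return None
    # Each file belongs to exactly one ERP: refuse any other key.
    if requested_key != record["s3_key"]:
        return None
    return record["s3_key"]
```

After `authorize` returns a key, the Lambda can read the object itself or redirect to a short-lived pre-signed URL, so the bucket stays private and the long-lived credential never reaches S3 directly.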
