aws s3 iam user vs signed urls
Question
I need to allow my users to access and upload content to AWS S3.
Now I have two decisions to make:
Create a separate bucket for each user or store data for each user in different directories in a single bucket.
Allow them access via signed url or create a separate IAM user for everyone?
The process needs to be fully automated and scalable (ie many users sign up or stop using the services every day).
Each user uploads files every few seconds. I therefore thought that a separate IAM user would save me the roundtrip to get a signed URL, but I am not sure if it is practical to have potentially thousands of IAM users.
1 answers
solution1
3 ACCPTED 2016-11-30 13:46:42
You can only have 100 buckets per AWS account, total not per region so you shouldn't create a bucket per user.
Use keys (folders) to organise the data. Provide access via signed cookies (or urls, but cookies are better for per user) and do the authentication in your application (or use AWS Cognito). IAM isn't really designed for your application end users but for AWS service users.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.