Amazon S3 - Access to Private Bucket

Question

I have multiple images within a private S3 bucket and I would like an instance of Tableau to be able to access those images. Is there a URL or some way to access those images while still keeping the S3 bucket private?

Answer 1

Access Private Bucket through Tableau

You can setup a IAM user with access permission to S3 and allow Tableau access.

Check the article on Connect to your S3 data with the Amazon Athena connector in Tableau 10.3 for more details.

Note: You need to configure Amazon Athena for Querying the S3 content.

Custom Generated S3 Urls to Access Private Bucket

Yes. You can generate a Signed URL from your backend using AWS SDK. This can be done directly using S3 or through AWS CloudFront.

• Using S3 Signed Urls . eg, Signed Url for GET Object.

   var params = {Bucket: 'bucket', Key: 'key'}; var url = s3.getSignedUrl('getObject', params); console.log('The URL is', url); 

• Using CloudFront Signed Urls . eg, Signed Url for GET in CloudFront.

   var cfsign = require('aws-cloudfront-sign'); var signingParams = { keypairId: process.env.PUBLIC_KEY, privateKeyString: process.env.PRIVATE_KEY, // Optional - this can be used as an alternative to privateKeyString privateKeyPath: '/path/to/private/key', expireTime: 1426625464599 } // Generating a signed URL var signedUrl = cfsign.getSignedUrl( 'http://example.cloudfront.net/path/to/s3/object', signingParams ); 

  Note: Generating the Url needs to be done in your backend. You can setup a serverless solution for this by using AWS API Gateway and Lambda to provide an endpoint for authenticated users to access.

In addition you can also use AWS Cognito UserPools with Identity Pool to get direct access to S3 Private Content without the above steps. For this you need to use the Cognito UserPools or a federated identity as the identity provider which is connected with Cognito Identity Pools.