How to securely store images on Amazon S3

I want to securely store images on Amazon S3, or elsewhere in AWS.

I'm looking for a solution similar to Firebase's User Security.

In Firebase, what I want to achieve would work something like this:

// Only a user or admin can read and write their passport
// (custom claims such as admin are read from request.auth.token)
match /users/{userId}/passport.png {
  allow read: if request.auth != null && (request.auth.uid == userId || request.auth.token.admin == true);
  allow write: if request.auth != null && (request.auth.uid == userId || request.auth.token.admin == true);
}

Thank you!

There are many avenues to explore with S3 and I have broken them down below.

Authorization

Permissions in AWS are primarily controlled via IAM. You would create a policy with the permission set, then attach this to either a user, group or role within AWS. Your application would use the user or role to communicate with the S3 APIs.

S3 also supports bucket policies that allow further condition-based requirements, such as source (VPC endpoint, IP address, etc.), to lock down the maximum permissions another principal (such as your IAM user or even another account) can use.

If you need to lock down specific objects, you can make use of S3 ACLs to apply permissions.

Encryption in Transit

S3 supports encryption in transit. Using S3's HTTPS endpoint, you can ensure that your data will be encrypted whilst it traverses the internet. If you want to keep this communication private, you can enhance this process by using a VPC endpoint to keep all communication within the AWS backbone.

Encryption at Rest

S3 has many methods of encrypting data at rest. The options are as follows:
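
Returning to the Authorization section of the answer above and the per-user rule in the question, an added example (not part of the original answer and not AWS's own code): an IAM identity policy that scopes each IAM user to their own `passport.png` through the `${aws:username}` policy variable and denies requests that are not sent over HTTPS, with a toy evaluator showing the resulting decisions. Assumptions: the bucket name `example-bucket`, one IAM user per end user, and the helper names `_matches` and `is_allowed`, which model only a small part of real IAM evaluation.

```python
import json
from fnmatch import fnmatchcase

BUCKET = "example-bucket"  # assumed bucket name (placeholder)

# Identity policy for a group of IAM users. ${aws:username} is an IAM policy
# variable that AWS replaces with the caller's IAM user name at request time.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "OwnPassportOnly", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": f"arn:aws:s3:::{BUCKET}/users/${{aws:username}}/passport.png"},
        {"Sid": "DenyPlainHttp", "Effect": "Deny", "Action": "s3:*",
         "Resource": f"arn:aws:s3:::{BUCKET}/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(stmt, username, action, resource, secure):
    """Simplified match: variable substitution, wildcards, one condition key."""
    actions = _as_list(stmt["Action"])
    resources = [r.replace("${aws:username}", username) for r in _as_list(stmt["Resource"])]
    if not any(fnmatchcase(action, a) for a in actions):
        return False
    if not any(fnmatchcase(resource, r) for r in resources):
        return False
    wanted = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
    return wanted is None or wanted == str(secure).lower()


def is_allowed(username, action, key, secure=True):
    """Toy model: explicit Deny wins, otherwise an Allow is required (implicit deny)."""
    resource = f"arn:aws:s3:::{BUCKET}/{key}"
    hits = [s["Effect"] for s in POLICY["Statement"]
            if _matches(s, username, action, resource, secure)]
    return "Deny" not in hits and "Allow" in hits


if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))  # the policy document to attach in IAM
```
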
