AWS pre-signed URLs: how to grant access to private files on AWS with pre-signed URLs

When trying to design a solution architecture where the application can generate and store private files on a storage option like S3, and allow the possibility for these files to be accessed by specific users for a certain amount of time, and still remain private, we could follow two different approaches based on a real use case scenario.

Let’s write down some use cases and see how we can approach the best solution:

  1. An application that converts audio files from one format to another, allowing the user to download the converted file via a link that expires after five minutes.
  2. An application that serves premium content (research insights, documents, videos, etc.) only to signed-in users, for a limited time.
  3. An application that offers access to private content to specific users that belong to a specified IP address range.

For all these different scenarios, we can choose to store the premium content through a storage option like S3 and deliver it directly or from an HTTP server.

But to restrict access to the content, we can use two different approaches.

S3 Pre-Signed URLs

Suppose that our application would serve a private file, stored on a private bucket on S3, to specific users. That can be done by providing the users with a pre-signed URL, which can be generated by the IAM user who has access to that private bucket.

I will be showing a quick demo coded in Python using the Boto 3 library for interaction with the AWS services. Initially, you would need to create an IAM user that has at least GetObject and ListBucket permissions for the private bucket where these private files are stored.

Afterward, make sure to generate access keys for that user and configure the local CLI with these credentials, to be able to interact with the services through the Boto 3 library.

Moving on to the actual generation of a pre-signed URL, the following code demonstrates the generation of a pre-signed URL for downloading a private file (called s3.png) in a private bucket.

It also shows the generation of pre-signed URLs for uploading a file to a private bucket, but we will get to that in a minute.

Once the pre-signed URL is generated, any user who has that URL can download the file within a limited time frame (e.g. within five minutes after creation).
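The following is an added example, not the article's Boto 3 demo: instead of calling Boto 3's generate_presigned_url, it implements the SigV4 query-string signing that Boto 3 performs for an S3 GET (canonical request, string to sign, HMAC key chain), plus the check S3 applies when the link is used, so it runs offline. The credentials, the bucket name and the signing timestamp are constructed for the example; the region and the five-minute expiry match the article.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# Constructed demo credentials (not real keys); only the signing server ever holds SECRET_KEY.
ACCESS_KEY = "AKIAEXAMPLEKEY000000"
SECRET_KEY = "exampleSecretKeyNotReal0000000000000000"

def _encode_query(params):
    return "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in params.items())

def _signature(method, host, key, params, secret):
    scope = params["X-Amz-Credential"].split("/", 1)[1]      # <date>/<region>/s3/aws4_request
    datestamp, region = scope.split("/")[:2]
    canonical_request = "\n".join([method, quote("/" + key, safe="/"), _encode_query(dict(sorted(params.items()))),
                                   f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", params["X-Amz-Date"], scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    signing_key = ("AWS4" + secret).encode()
    for part in (datestamp, region, "s3", "aws4_request"):
        signing_key = hmac.new(signing_key, part.encode(), hashlib.sha256).digest()
    return hmac.new(signing_key, string_to_sign.encode(), hashlib.sha256).hexdigest()

def presign_get(bucket, key, expires=300, region="us-east-1", now=None):
    """Return a GET URL for s3://bucket/key that stays valid for `expires` seconds (default five minutes)."""
    t = datetime.fromtimestamp(now, timezone.utc) if now is not None else datetime.now(timezone.utc)
    host = f"{bucket}.s3.{region}.amazonaws.com"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{t:%Y%m%d}/{region}/s3/aws4_request",
        "X-Amz-Date": f"{t:%Y%m%dT%H%M%SZ}",
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    params["X-Amz-Signature"] = _signature("GET", host, key, params, SECRET_KEY)
    return f"https://{host}{quote('/' + key, safe='/')}?{_encode_query(params)}"

def verify_presigned(url, now=None):
    """Simulates what S3 does on request: reject an expired link, then recompute and compare the signature."""
    t = datetime.fromtimestamp(now, timezone.utc) if now is not None else datetime.now(timezone.utc)
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query))
    presented = params.pop("X-Amz-Signature", "")
    signed_at = datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    if t > signed_at + timedelta(seconds=int(params["X-Amz-Expires"])):
        return False                                             # expired: S3 answers 403 AccessDenied
    expected = _signature("GET", parts.hostname, unquote(parts.path).lstrip("/"), params, SECRET_KEY)
    return hmac.compare_digest(presented, expected)              # any change to bucket, key or expiry breaks it
```

Note that the URL carries the access key id, the signing time and the expiry in clear, but never the secret; whoever holds the link can use it until X-Amz-Expires elapses, which is why a short lifetime is the control that matters.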

Let’s dive deeper and under
