[Django]-Restrict s3 file to Django group user

6👍

✅

Edit New Solution:

The Amazon SDK provides the pre-signed URL feature.
With this you can generate temporary URLs to one specific file only for your users.

So the use case scenario is this.
The S3 images still remain private.
When a user requests his images, you pass all the links first to the signing handler, which generates the temp links. (These are set to expire and have plenty of encryption and protection, so it's impossible for someone to hijack such a link.)

The end user can load and view the files in his browser directly from Amazon like nothing happened.

Old Solution

Well, another workaround might be to store all files in S3 without public access.
Then create an IAM role for your application and give that role access to the bucket.
Then create a method which will read the S3 files within your application, and serve them to the user if he has rights.

Simple example.

S3 File Path

//media/group1/folder1/1.png

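Request = MyWebMethod/GetFile?internalPath="folder1/1.png"

{
    // The group prefix comes from the authenticated session, never from the request
    int userId = customAuthentication.getUserId();
    String CompletePath = "media/group" + userId + "/" + internalPath;
    // The application's own IAM role reads the private object
    var image = AwdSdkClient.getFileFromS3(CompletePath);
    return image;
}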

So by default each user can request files only within his group.

A more advanced way is not to actually fetch the file to your server, but to create some kind of median data stream pipe to the file. (I am not a Django developer so I don't know if this is feasible.)
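The pre-signed URL flow from the answer above, as an added example that is not part of the original answers: the group check runs before anything is signed, and the link covers exactly one key. The `media/<group>/...` layout follows the answer's sample path; the function names, the five-minute lifetime and passing in `s3_client` (a `boto3.client("s3")` in a real project) are assumptions.

```python
import posixpath

MEDIA_ROOT = "media"          # assumed layout: media/<group name>/<path inside group>
URL_LIFETIME_SECONDS = 300    # assumption: anyone holding the link can use it until expiry


class AccessDenied(Exception):
    """The requester's groups do not cover the requested object."""


def object_key_for(group_names, group, internal_path):
    """Return the S3 key for internal_path inside group, or raise AccessDenied."""
    # In a Django view, group_names would be
    # request.user.groups.values_list("name", flat=True).
    if group not in set(group_names):
        raise AccessDenied(f"not a member of {group!r}")
    # Accept only a plain relative path: no leading slash, no backslashes,
    # no empty, "." or ".." segments that could point outside the prefix.
    if not internal_path or "\\" in internal_path:
        raise AccessDenied("invalid path")
    parts = internal_path.split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise AccessDenied("invalid path")
    return posixpath.join(MEDIA_ROOT, group, *parts)


def presigned_get_url(s3_client, bucket, group_names, group, internal_path):
    """Authorize first, then ask the SDK for a temporary GET link to that one key."""
    key = object_key_for(group_names, group, internal_path)
    return s3_client.generate_presigned_url(
        "get_object",
        Params={"Bucket": bucket, "Key": key},
        ExpiresIn=URL_LIFETIME_SECONDS,
    )
```

The view then redirects the browser to the returned URL (or embeds it in the page), so the bucket itself never needs a public policy.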

0👍

You’re looking to effectively provide single sign-on for your web authenticated users. One way, perhaps the only way to handle this, is through the use of a SAML provider. Doing this, you’ll map your third-party authenticated users/groups to AWS IAM users/groups.

It will work, but it will require much more than a few mouse clicks.

👤Chris_
