Amazon S3 provides access control
I have multiple PDF files stored in Amazon S3. Each file is associated with a user, and only the owner of the file can access the file. I have completed this on my download page. But the actual PDF link points to an Amazon S3 URL that is accessible to everyone.
How do I enforce the access control rules for this URL? (without making my server proxy for all PDF download links)
a source to share
I would suggest using Amazon S3 authenticated REST urls with an expiration date. They allow temporary, expiring access to the non-public S3 object.
However, if they're going to share a URL, what's stopping them from sharing the file themselves?
a source to share
Each file in your S3 account can have special authority (ACL). You must set all of your PDF ACLs to private
. Then no one will be able to access them.
S3 has an API that allows you to "temporarily" grant read access. For example, the Amazon S3 PHP Library has a function getAuthenticatedURL (string $bucket, string $uri, integer $lifetime, [boolean $hostBucket = false], [boolean $https = false])
.
This will allow you to allow access to the PDF for a certain amount of time (e.g. 5 minutes), which is more than enough if you immediately redirect the user to S3.
a source to share