tags:

views:

1910

answers:

6
+5  Q: 

Amazon S3 permissions

Trying to understand S3...How do you limit access to a file you upload to S3? For example, from a web application, each user has files they can upload, but how do you limit access so only that user has access to that file? It seems like the query string authentication requires an expiration date and that won't work for me, is there another way to do this?

A: 

You might find some help in this SO question's responses.

DOK  2009-04-19 20:12:28
A: 

You will have to build the whole access logic to S3 in your applications

cloudberryman  2009-04-19 20:24:55
+7  A: 

There are various ways to control access to the S3 objects:

  1. Use the query string auth - but as you noted this does require an expiration date. You could make it far in the future, which has been good enough for most things I have done.

  2. Use the S3 ACLS - but this requires the user to have an AWS account and authenticate with AWS to access the S3 object. This is probably not what you are looking for.

  3. You proxy the access to the S3 object through your application, which implements your access control logic. This will bring all the bandwidth through your box.

  4. You can set up an EC2 instance with your proxy logic - this keeps the bandwidth closer to S3 and can reduce latency in certain situations. The difference between this and #3 could be minimal, but depends your particular situation.

dar  2009-04-20 12:28:03
+4  A: 
  1. Have the user hit your server
  2. Have the server set up a query-string authentication with a short expiration (minutes, hours?)
  3. Have your server redirect to #2
Marc Hughes  2009-04-20 12:43:17
A: 

I've been dealing with this, too. Don, who wrote the S3 PHP class I'm using, pointed out you can use dirs inside buckets. So you can put your file in a dir with a random string and then redirect to that. mybucket.amazon.net/wef49kfe4j409jf4f4f9jdfd/myfile.zip While not at all secure, you can control access to it by changing permissions or creating and deleting it (keep the original securely in a different bucket) as necessary.

Corey Maass  2009-05-02 12:00:20
A: 

DragonDisk is a fast S3 client with an intuitive graphical user interface : http://www.dragondisk.com

Tony  2010-05-15 20:48:20

related questions

Programmatically talking to a Serial Port in OS X or Linux
Best ways to teach a beginner to program?
Calling a Function From a String With the Function's Name in Python
An executable Python app
Text Editor For Linux (Besides Vi)?
What Hosting Service is best for Django applications?
File size differences after copying a file to a server vía FTP
Python: what is the difference between (1,2,3) and [1,2,3], and when should I use each?
Python: What OS am I running on?
How do I make a menu in python that does not require the user to press (enter) to make a selection?
How do you express binary literals in Python?
What is the most efficient graph data structure in Python?
Adding a Method to an Existing Object
How to learn Python: Good Example Code?
How do I use Python's itertools.groupby()?
Python and MySQL
Class views in Django
Is there an IDE that provides code completion for Python
Using 'in' to match an attribute of Python objects in an array
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Continuous Integration System for a Python Codebase
Get a preview jpeg of a pdf on windows?
How can I find the full path to a font from its display name on a Mac?
XML Processing in Python