我是否应该将CloudFront一起用作s3中敏感文件的TemporaryUrl [英] Should I use CloudFront together as TemporaryUrl for sensitive files in s3

问题描述

我有一个项目，我将文件存储在服务器本身中.存储空间正在增加，因此我需要使用存储桶.我以为s3是必经之路.

I have a project where I was storing files in the server itself. The storage is increasing so I need to use a bucket. I thought s3 is the way to go.

问题在于pdf文件敏感，我不想将其公开.我读到有关一项称为CloudFront的服务的信息，但同时也了解了Laravel TemporaryUrl的新功能.

The issue is the pdf files are sensitive and I don't want to open them to public. I read about a service called CloudFront but then the new feature of Laravel TemporaryUrl as well.

据我了解，我不应该只使用s3，而我也应该使用TemporaryUrl.我也需要使用CloudFront吗?那么s3 -> CloudFront -> TemporaryUrl?还是TemporaryUrl的目的是消除两者之间的CloudFront?

So as far as I understand, I shouldn't just use s3, but I should use TemporaryUrl too. Do I need to use CloudFront too? So s3 -> CloudFront -> TemporaryUrl? Or was TemporaryUrl's purpose to eliminate CloudFront in between?

使用TemporaryUrl方法就足够了吗?

So is this enough with TemporaryUrl approach?

// For saving the file:
Storage::put('file.jpg', $contents, 'private');

// For retrieving:
if ($user->has_permission) {

   $url = Storage::disk('s3')->temporaryUrl(
      'file1.jpg', Carbon::now()->addMinutes(5)
   );
}

我很困惑，真的找不到关于该主题的演练.那么我该如何使用Laravel 5.6存储和提供敏感数据呢?我很高兴得到澄清

I am pretty confused and couldn't really find any walkthroughs on this topic. So how should I store and serve sensitive data with Laravel 5.6? I'd be glad for a clarification

推荐答案

您可以将CloudFront和laravel的TemporaryUrl一起使用.为此，您只需要告诉laravel s3驱动程序将CloudFront url用作config/filesystem.php中的端点即可.像这样

You can use CloudFront and laravel's TemporaryUrl together. For that you just need to tell laravel s3 driver to use CloudFront url as endpoint in config/filesystem.php. Like this

's3' => [
        'driver' => 's3',
        'key' => env('AWS_ACCESS_KEY_ID'),
        'secret' => env('AWS_SECRET_ACCESS_KEY'),
        'region' => env('AWS_DEFAULT_REGION'),
        'bucket' => env('AWS_BUCKET'),
        'url' => env('AWS_URL'),
        'endpoint' => env('AWS_ENDPOINT'),
]

现在在您的.env文件中，像这样在其中定义您的clouldFront网址

Now in your .env file define your clouldFront url in it like this

AWS_ENDPOINT="https://mycloud.cloudfront.net"

现在，当您使用laravel的TemporaryUrl时，它将为您提供cloudFront网址.

Now when you use laravel's TemporaryUrl it will give you cloudFront url.

(评论后)

我是否需要使用CloudFront来处理敏感数据

Do I need to use CloudFront for sensitive data

CloudFront用于内容交付网络(CDN).因此，它与安全性无关，它使用S3存储桶作为源，并根据其配置从那里使用服务器文件.

CloudFront is used for Content delivery networks (CDN). So, it has nothing to do with security it uses S3 bucket as origin and server files from there based on it configured.

S3是否足以保证安全性?

S3 is enough for security?

S3具有足够的文件许可权系统，可以保护您的文件，只需对其进行正确配置即可.您可以在S3上私下存储文件，然后使用laravel TemporaryUrl.它在内部所做的只是创建带有到期时间的AWS签名url.因此，是的，您可以使用它.如果有一天需要加快文件传输速度，请创建CloudFront并将其用作端点

S3 has sufficient file permission system that can protect your file, just configure it properly. You can store your file privately at S3 and then use laravel TemporaryUrl. What it does internally just create a AWS signed url with expiry time. So, yes you can use it. If any day you need to speed your file delivery then create CloudFront and use it as endpoint

这篇关于我是否应该将CloudFront一起用作s3中敏感文件的TemporaryUrl的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！