限制Amazon S3下载服务 [英] Limiting amazon s3 downloads service

问题描述

我运行一项服务，用户可以使用Amazon S3将文件公开上传和下载到我们的网站.上个月，我们遇到了一个问题，用户上传的文件疯狂下载，导致170 TB的带宽和巨额账单.

I run a service where the users can publicly upload and download files to our site, using Amazon S3. Last month we had a problem where a user uploaded a file that was downloaded like crazy, resulting in 170 TB of bandwidth and a huge bill.

与Amazon交谈并在StackOverflow上进行搜索以确保不再发生这种情况的方法是下载S3日志以对其进行解析，然后从那里进行操作.

Talking to Amazon and searching on StackOverflow the way to ensure this doesn't happen again is to download the S3 logs parse them, and take actions from there.

我们可以构建这样的脚本，但是我想必须有一些开源或第三方服务为此提供脚本或服务?

We could build such script, but I guess there must be some open source or third party service providing a script or service for this?

推荐答案

有关:

1. 为下载创建 CloudFront 发行版

设置一个 CloudWatch 警报，当分发的 BytesDownloaded 指标超出您选择的每月限制时触发

Setup a CloudWatch alarm that is triggered when the distribution's BytesDownloaded metric exceeds your chosen monthly limit

添加警报触发时触发的通知(发送到您创建的 SNS 主题)

Add a notification (sent to an SNS topic you create) that is triggered when the alarm is fired

添加向该主题发送通知时由SNS触发的 Lambda 函数(SNS主题当然也应订阅您的电子邮件，因此您会收到带有警报的电子邮件)

Add a Lambda function that is triggered by SNS when a notification is sent to that topic (the SNS topic should also have your email subscribed of course so you receive an email with the alarm)

在Lambda函数中编写代码，该代码使用AWS开发工具包更新Cloudfront发行版并将 enabled 值设置为false

In the Lambda function write code that uses the AWS SDK to update the cloudfront distribution and sets the enabled value to false

(您还可以创建一个通知，当警报状态变回OK(确定)并触发lambda函数以重新启用分发功能时触发该通知)

(You could also create a notification that is fired when the state of the alarm changes back to OK and trigger a lambda function that re-enables the distribution)

这篇关于限制Amazon S3下载服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！