仅从我的应用程序访问私有 S3 内容 [英] Accessing private S3 content only from my application

问题描述

我有一个在 AWS S3 中存储图像的应用程序.它就像一个个人资料图片上传案例.上传个人资料图片后，图片将存储在 AWS S3 中，S3 链接将存储在数据库中.然后，应用程序将使用数据库中的该链接显示个人资料图片.

I have an application that stores images in AWS S3. It is like a profile picture upload case. After uploading the profile picture, the image will be stored in AWS S3 and the S3 link will be stored in a database. The application will then show the profile picture using that link in the database.

现在，由于存储桶是私有的，所以个人资料图片在我的应用程序中不可见.如何在不公开存储桶的情况下使用此链接显示图像?

Right now, as the bucket is private the profile picture is not visible in my application. How can I use this link to show the image without making the bucket public?

我不认为，我可以使用 AWS 的签名 URL，因为此链接不能有时间限制.该链接需要始终可用，以便在应用程序上显示图像.

I don't think, I can use AWS's signed URL because this link can't be time-limited. The link need to be available all the time for showing the image on the application.

有什么方法可以做到吗?或者是否有任何其他行业标准方法可以使此功能成为可能?

Is there any method to do so? Or is there any other industry-standard method for making this feature possible?

推荐答案

关于图片，最好的方式是通过CDN服务(你可以链接到S3).他们的长的、脚手架的 URL 应该足够了(并且将专用的 S3 存储桶公开).查看朋友 Facebook 帐户中的照片，即使未登录也应如此.如何设置 CDN https://learnetto.com/blog/cloudfront-s3

Regarding images, best way is the serve them via CDN (you can link it with S3). Their long, scaffolded URL should be enough (and make a dedicated S3 bucket, public). Check a photo from a friend's Facebook account, it will should even if not logged in. How to setup CDN https://learnetto.com/blog/cloudfront-s3

如果你真的很担心安全问题，你可以获取 Base64 格式的图片(https://stackoverflow.com/a/2429959/290036).将您的存储桶设为私有并仅允许访问您的内部服务.这样您可以更好地控制，但会失去 CDN 的所有优势.

If you are really concerned about security, you can fetch the images in Base64 (https://stackoverflow.com/a/2429959/290036). Make your bucket private and allow access only to your internal services. That way you have better control, but lose all the benefits of a CDN.

这篇关于仅从我的应用程序访问私有 S3 内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！