
Let only registered users download from my Amazon S3 bucket

I'm building a PHP website which will keep its content files on Amazon S3. The website files (with PHP code) are hosted on a traditional server. Users will register on the website and after registering and logging in they will have access to the files on S3.

The question is, how to let only logged-in users download the files and prevent everyone else from downloading? Does AWS IAM have to be involved somehow?

I don't want expiring URLs. I want to give access to files to only a specific user and I don't want them to share the link with anyone else for any period of time.

In future I will also want to limit access to files for registered users - depending on the type of user account the user will have access to different files.

Thx in advance for replies!

Val asked Apr 08 '13 20:04



1 Answer

This can be done... I use ROR instead of PHP where my application controls access to data in an S3 bucket. I have buckets that my app can access and file access is limited by their credentials in my app. Make sense?

I have a public bucket to store my assets (publicly available images) and a bucket that only my application can access. Users in my application can only access certain bits of the bucket based on their credentials.

The database stores a reference to the exact S3 file / location, how to access it (encrypted credentials and keys passed during transaction), and who can access it.

Read up on serving web assets from an S3 bucket and creating an upload form to an S3 bucket. That will give you an idea of how to interact with S3 buckets. Once you can interact with the bucket content you can control access with your web application.

Good Luck!

twinturbotom answered Sep 19 '22 22:09
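
The pattern described in the answer, as an added example that is not part of the original posts: the bucket stays private, the application looks up a database record for the requested file, checks the logged-in user's account type, and streams the bytes itself, so no S3 URL (expiring or otherwise) ever reaches the browser. All names (`DownloadGate`, `PrivateStore`, `FileRecord`, the account types and keys) are hypothetical, and `PrivateStore` is an in-memory stand-in for a private bucket read with the application's own credentials.

```ruby
# Added example; every name here is hypothetical.
User       = Struct.new(:id, :account_type)
FileRecord = Struct.new(:id, :s3_key, :allowed_types)

class AccessDenied < StandardError; end
class FileNotFound < StandardError; end

# Stand-in for the private bucket so the example runs offline. A real app
# would fetch the object with the AWS SDK using the application's own
# credentials, which never leave the server.
class PrivateStore
  def initialize(objects)
    @objects = objects
  end

  def read(key)
    @objects.fetch(key)
  end
end

class DownloadGate
  def initialize(records, store)
    @records = records.to_h { |r| [r.id, r] }
    @store = store
  end

  # The browser sends only an opaque file id, never a bucket key, so it
  # cannot request arbitrary objects. Returns [filename, bytes].
  def download(user, file_id)
    raise AccessDenied, "login required" if user.nil?
    record = @records.fetch(file_id) { raise FileNotFound, "unknown file id" }
    unless record.allowed_types.include?(user.account_type)
      raise AccessDenied, "account type not permitted"
    end
    [File.basename(record.s3_key), @store.read(record.s3_key)]
  end
end

# Constructed sample data: two objects and the database rows describing them.
STORE = PrivateStore.new(
  "docs/intro.pdf"  => "intro-bytes",
  "docs/expert.pdf" => "expert-bytes"
)
RECORDS = [
  FileRecord.new(1, "docs/intro.pdf",  %w[basic premium]),
  FileRecord.new(2, "docs/expert.pdf", %w[premium])
]
GATE = DownloadGate.new(RECORDS, STORE)
```

In a controller, the returned filename and bytes would be sent as the response body of an authenticated request, with the session providing the `User`.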