Limiting amazon s3 downloads

Question

I'm working on an iOS app which will upload small videos to amazon s3. The videos will then be public and the user will have the ability to share out a URL for each video. I'm concerned about streaming costs (if a video were to go viral, for example). At ~$0.12 per GB of bandwidth, this could quickly get expensive.

I'd like to implement some sort of download limit for each video to prevent this. Once a video has been downloaded a certain amount of times per month, it's no longer public and cannot be downloaded.

I've looked through various docs and am not finding a good way to accomplish this. The only potential solution I've found is to periodically pull down the log files for my s3 bucket, and use that data to determine how many times certain videos have been downloaded. Is this my best bet here, or is there a better way?

Thanks!

Answer 1

You can do this, but will require you to do some coding on your end to make it work.

Method 1 would be to enable detailed s3 logging stats, and then write code to parse those log files and determine by file when an limit has been reached, and then revoke permission on the file to prevent it from being served any more.

Here is info on how to enable detailed s3 logging:

http://docs.aws.amazon.com/AmazonS3/latest/UG/ManagingBucketLogging.html

Relatively simple, but perhaps a bit inelegant and you do run the risk of going over your limit because of the inherent delay in logs being made available and the delay in processing your logs - so maybe 20 minutes to an hour or more of time might go buy once a limit has been reached, but before your application has enough information to realize it.

Method 2, which imo is a bit more elegant would put an ec2 instance (or instances) in between your ios app and s3 - ios app makes a request to ec2 instance, it lookups up real-time statistics (that it has been accumulating itself, perhaps into dynamodb or rds) and then either returns an s3 url to the appropriate video or returns an over-limit error to the app. Using this method there is no need to revoke s3 privileges, because the ec2 instance acts as a traffic cop and the enabling/disabling access to a particular file can be done in real-time - you also could easily add real-time reporting/notification capacity using this method to let you know when a file or file is going viral if that would be useful.