- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
Hello,
In S3, we have something known as access points, which are named network endpoints that serve as the entry point for an application. Applications don't access the S3 Bucket directly but rather through the access points. With access points, we can fine-grain who has access to what in the S3 Bucket using Access Point Policies.
If you are using the SDK with your website, you can specify the access point ARN instead of the bucket name for API operations like GetObject and PutObject. If you want to use this effectively, you also have to have a solid partitioning strategy in place to make access easier.
https://docs.aws.amazon.com/sdkref/latest/guide/feature-s3-access-point.html
In addition to making the files more secure and also only accessible for a limited amount of time, you can use pre-signed URLs in conjunction with the SDK; only users who have permission to the file and also the right IAM permissions can create these pre-signed URLs