Access to S3 objects securely from AWS GRAFANA

Question

Hi, 
I have an AWS GRAFANA dashboard, which uses google SAML to authorize users.  I want to add link to download an S3 object, but I need this link to be secure - I want to avoid this link to be used by unauthorized users. Is there a way to achieve this?  
I have also thought about using some Lambda behind API GATEWAY - but the problem remains the same - I am accessing a link from the client side.

Accepted Answer

You can use a combination of AWS Lambda and Amazon API Gateway.

[1] The Lambda function generates presigned URLs for the S3 objects, which are temporary links that grant access for a limited time. You can expose this function through API Gateway and integrate it with your Grafana dashboard.

[2] To ensure that only authorized users can access the download link, you can configure the [API Gateway with a Lambda authorizer](https://docs.aws.amazon.com/transfer/latest/userguide/custom-identity-provider-users.html) that validates the user's identity. This way, when a user requests to download an S3 object, the dashboard makes an API call to the Lambda function, which returns the presigned URL if the user is authenticated.

[3] On the client side, when a user clicks the download link in the Grafana dashboard, the dashboard first makes an API call to get the presigned URL and then redirects the user's browser to that URL for downloading the object. This approach ensures that the download links are secure and accessible only to authorized users.

Access to S3 objects securely from AWS GRAFANA

관련 콘텐츠