Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

How to authenticate the big-size file download from S3?

0

I am researching on the option to authenticate the big size (100MB at least) file download from S3. The very big challenge is the premise that I don't want to use Pre-signed URL for security reasons. I researched loads of posts about authentication and that all directs features to API Gateway and Lambda function, but I notice the payload/request limit for API Gateway and Lambda to be 10 MB and 6 MB. I know I certainly can truncate the file into the pieces within the limit. But I'd like to also seeking for options. Ideally what I was looking for is that the URL that I use to download the file is pretty much like a S3 Object URL but the only difference is that I provided a token (JWT or something) as a query string or some other format then the Lambda/Other services authorize the access by verifying the token using Cognito and that's it. The file download should be the same as an original download and I don't have to face the challenge on file size limit. Would that be possible? Is there any similar solution available?

  • ben-from-aws ESPECIALISTA
    há 9 meses

    Hi, could you explain why you don't want to use pre-signed URLs?

  • rgao-baby
    há 9 meses

    I would like my device to perform download files from S3, but we would like another authentication method to authenticate download other than AWS cli with credentials. The device would need a presigned URL to perform download using wget or something right? But I found presigned URL is only time-limited but without authentication option. I was searching for a way to have device wget an API endpoint and provides token as part of URL, then directly perform the file download. I also tried refer to bucket policy, but the IP address is not guaranteed.

Tópicos
ArmazenamentoSem servidorComputaçãoSegurança, identidade e conformidadeWeb e dispositivos móveis front-endRede e entrega de conteúdo
Tags
Serviço de armazenamento simples da AmazonAWS LambdaAWS Identity and Access ManagementGateway do Amazon API
Idioma
English
rgao-baby
feita há 9 meses772 visualizações
2 Respostas
0

This blog post walks through an authenticated S3 Uploader which you could modify to be a downloader. Allowing external users to securely and directly upload files to Amazon S3.

profile pictureAWS
ESPECIALISTA
kentrad
respondido há 9 meses
  • rgao-baby
    há 9 meses

    Sorry, this guide seems not helpful for reference? This tutorial directly use Amplify UI for S3 upgrade right? Isn't that all authentication and everything hidden in the Upgrade UI? Could you please provide more insights?

0

This is fairly old, so has probably already been solved by the OP. But as future reference for anybody finding this post -- consider using a Lambda@Edge authorizer tied into a CloudFront distribution pointing at the s3 bucket. This will avoid using pre-signed URLs without introducing file size limits.

Michael
respondido há 2 meses

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante