Rails implementation for securing S3 documents

旧巷少年郎 2021-02-05 22:47

I would like to protect my S3 documents behind my Rails app such that if I go to:

www.myapp.com/attachment/5 that should authenticate the user prior to displaying/downlo

3 answers
  •  天涯浪人
    2021-02-05 23:30

    You'd want to do two things:

    1. Make the bucket and all objects inside it private. The naming convention doesn't actually matter, the simpler the better.

    2. Generate signed URLs, and redirect to them from your application. This way, your app can check if the user is authenticated and authorized, and then generate a new signed URL and redirect them to it using a 301 HTTP status code. This means that the file will never go through your servers, so there's no load or bandwidth on you. Here are the docs to presign a GET_OBJECT request:

    https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Presigner.html
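The flow described in this answer, as an added example that is not part of the original answer or of the AWS SDK: check authentication and authorization first, then redirect to a URL that expires after 60 seconds. The bucket, credentials, attachment table and helper names are constructed; `presign_get` is a hand-written SigV4 stand-in so the example runs without the aws-sdk-s3 gem, where a Rails app would call `Aws::S3::Presigner#presigned_url(:get_object, bucket:, key:, expires_in:)`. It answers with a 302 rather than a cacheable 301, an assumption made here because each signed URL is short-lived.

```ruby
require "openssl"

# Constructed sample data; the credentials are placeholders, not real keys.
BUCKET = "example-private-bucket"
REGION = "us-east-1"
ACCESS_KEY = "AKIAEXAMPLEKEYID"
SECRET_KEY = "example-secret-key"
ATTACHMENTS = { 5 => { key: "docs/q1 report.pdf", owner_id: 42 } }

# RFC 3986 percent-encoding as SigV4 requires (only A-Z a-z 0-9 - . _ ~ stay bare).
def uri_escape(str)
  str.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format("%%%02X", b) }.join }
end

# SigV4 query-string presign of a GET; stands in for Aws::S3::Presigner.
def presign_get(key, expires_in:, now: Time.now.utc)
  host  = "#{BUCKET}.s3.amazonaws.com"
  stamp = now.strftime("%Y%m%dT%H%M%SZ")
  scope = [stamp[0, 8], REGION, "s3", "aws4_request"]
  path  = "/" + key.split("/").map { |seg| uri_escape(seg) }.join("/")
  query = {
    "X-Amz-Algorithm" => "AWS4-HMAC-SHA256",
    "X-Amz-Credential" => "#{ACCESS_KEY}/#{scope.join('/')}",
    "X-Amz-Date" => stamp,
    "X-Amz-Expires" => expires_in.to_s,
    "X-Amz-SignedHeaders" => "host"
  }.sort.map { |k, v| "#{k}=#{uri_escape(v)}" }.join("&")
  canonical = ["GET", path, query, "host:#{host}\n", "host", "UNSIGNED-PAYLOAD"].join("\n")
  to_sign = ["AWS4-HMAC-SHA256", stamp, scope.join("/"),
             OpenSSL::Digest::SHA256.hexdigest(canonical)].join("\n")
  # Key derivation chain: secret -> date -> region -> service -> "aws4_request".
  signing_key = scope.inject("AWS4#{SECRET_KEY}") { |k, part| OpenSSL::HMAC.digest("SHA256", k, part) }
  signature = OpenSSL::HMAC.hexdigest("SHA256", signing_key, to_sign)
  "https://#{host}#{path}?#{query}&X-Amz-Signature=#{signature}"
end

# Logic of GET /attachment/:id: returns [status, Location header or nil].
def attachment_response(current_user_id, attachment_id)
  return [401, nil] if current_user_id.nil? # not authenticated
  att = ATTACHMENTS[attachment_id]
  # Same 404 for "missing" and "not yours", so ids cannot be probed.
  return [404, nil] if att.nil? || att[:owner_id] != current_user_id
  [302, presign_get(att[:key], expires_in: 60)] # URL stops working after 60 s
end
```

Anyone who obtains the redirect URL can fetch the object until it expires, so the short `expires_in` is what limits exposure if the link is shared or logged.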
