Question
I have a project where I was storing files in the server itself. The storage is increasing so I need to use a bucket. I thought s3 is the way to go.
The issue is the pdf files are sensitive and I don't want to open them to public. I read about a service called CloudFront but then the new feature of Laravel TemporaryUrl as well.
So as far as I understand, I shouldn't just use s3, but I should use TemporaryUrl too. Do I need to use CloudFront too? So s3 -> CloudFront -> TemporaryUrl? Or was TemporaryUrl's purpose to eliminate CloudFront in between?
So is this enough with TemporaryUrl approach?
    // For saving the file:
    Storage::put('file.jpg', $contents, 'private');

    // For retrieving:
    if ($user->has_permission) {
        $url = Storage::disk('s3')->temporaryUrl(
            'file1.jpg', Carbon::now()->addMinutes(5)
        );
    }
I am pretty confused and couldn't really find any walkthroughs on this topic. So how should I store and serve sensitive data with Laravel 5.6? I'd be glad for a clarification.
Answer 1:
You can use CloudFront and Laravel's TemporaryUrl together. For that you just need to tell the Laravel s3 driver to use the CloudFront URL as the endpoint in config/filesystem.php. Like this:
    's3' => [
        'driver' => 's3',
        'key' => env('AWS_ACCESS_KEY_ID'),
        'secret' => env('AWS_SECRET_ACCESS_KEY'),
        'region' => env('AWS_DEFAULT_REGION'),
        'bucket' => env('AWS_BUCKET'),
        'url' => env('AWS_URL'),
        'endpoint' => env('AWS_ENDPOINT'),
    ]
Now in your .env file define your CloudFront URL like this:

    AWS_ENDPOINT="https://mycloud.cloudfront.net"
Now when you use Laravel's TemporaryUrl it will give you the CloudFront URL.
EDIT: (After comment)
Do I need to use CloudFront for sensitive data
CloudFront is used for content delivery networks (CDN). So, it has nothing to do with security; it uses an S3 bucket as origin and serves files from there based on how it is configured.
S3 is enough for security?
S3 has a sufficient file permission system that can protect your file; just configure it properly. You can store your file privately on S3 and then use Laravel's TemporaryUrl. What it does internally is just create an AWS signed URL with an expiry time. So, yes, you can use it. If some day you need to speed up your file delivery, then create CloudFront and use it as the endpoint.
Source: https://stackoverflow.com/questions/51586344/should-i-use-cloudfront-together-as-temporaryurl-for-sensitive-files-in-s3