问题
I have an application that stores images in AWS S3. It is like a profile picture upload case. After uploading the profile picture, the image will be stored in AWS S3 and the S3 link will be stored in a database. The application will then show the profile picture using that link in the database.
Right now, as the bucket is private the profile picture is not visible in my application. How can I use this link to show the image without making the bucket public?
I don't think, I can use AWS's signed URL because this link can't be time-limited. The link need to be available all the time for showing the image on the application.
Is there any method to do so? Or is there any other industry-standard method for making this feature possible?
回答1:
Regarding images, best way is the serve them via CDN (you can link it with S3). Their long, scaffolded URL should be enough (and make a dedicated S3 bucket, public). Check a photo from a friend's Facebook account, it will should even if not logged in. How to setup CDN https://learnetto.com/blog/cloudfront-s3
If you are really concerned about security, you can fetch the images in Base64 (https://stackoverflow.com/a/2429959/290036). Make your bucket private and allow access only to your internal services. That way you have better control, but lose all the benefits of a CDN.
来源:https://stackoverflow.com/questions/58110444/accessing-private-s3-content-only-from-my-application