Restricting access to some resources
I made this extremely simplified schema of my app. I am struggling to find a solution to prevent users from accessing resources they don't "own", obviously my apis can access to database, and check if a user can acces to a specific file, but how can i do it on cloudfront? I read about signed cookies, but in all examples i found they grant access to whole cloudfront distribution. I also read about signed url, but being the distribution used also for streaming hls content i can't create a signed url for each single "micro" file of each single stream.
any idea? thank you
- 최신
- 최다 투표
- 가장 많은 댓글
For this use case I'd normally recommend using a signed URL as it does pretty much what you're asking for.
Could you explain more about why you can't create a signed URL for each file? Yes, there's a little bit of compute overhead there; but it happens at the back end and there is already logic in the API to determine file ownership so you're already 90% of the way there.
Hi, thanks for the answer. Streaming through internet means split a single mp4 file in many smaller files. Converting a single mp4 file in a format streamable means create a folder containing an m3u8 playlist file and many *.ts files indexed in that m3u8 playlist file, usually one each 10 seconds of the content to stream. To play this files you have to "pass" the m3u8 file to your player, and it will take care about retrieving each single "ts" file listed in the playlist.
I can generate a signed url using jolly characters to get all the content of the folder, the "m3u8" file and all the "ts" files. But, to make the url safe i have to put an expiring time on it, let say 20 minutes. What happen when the player tryies to get the next ts file after the signed url has expired? i could intercept this event and generate a new url to replace the expired one but i don't think that videoplayer would like changing source while playing it. this is a really big problem.
관련 콘텐츠
AWS 공식업데이트됨 3년 전
