How to upload and get objects in a private S3 bucket through CloudFront?

0

I have a web application. The frontend is hosted on a private S3 bucket and the backend is running on an EC2 instance. I have CloudFront with two distributions, one for each. In the application there is functionality where a user can upload a profile picture. I am successfully uploading the picture but am not able to get that picture in the web app. How can I achieve this?

2 Answers
2
Accepted Answer

Basically, you need to map the user profile record with the CloudFront URL and store it somewhere. Here are the steps:

1. You should create a separate S3 bucket for profile pictures and point a new CloudFront distribution to the bucket.
2. When a user uploads a picture, generate a unique file name, upload the file to S3, store the CloudFront URL of the uploaded image file in your database, and associate it with the user record.
3. When you display the user profile, use the CloudFront URL that you fetch from the database.

EXPERT
SriniV
answered 3 months ago
  • Thank you!! I did the same but it's not working. I am trying to fetch it through CloudFront.

0

There are many ways to accomplish that, but I would expect you don't want to allow random outsiders to upload whatever data into your S3 bucket for distribution through CloudFront. You would probably want to have the picture initially uploaded to temporary storage, enforcing a modest maximum size (because profile photos wouldn't be terribly large), and at least validating it as a technically valid picture of one of the formats you want to support, such as JPEG and PNG, and perhaps enforcing a supported pixel size and possibly also running it through an anti-malware scan. You might also want the uploads to be moderated by you or someone you trust before publishing them.

Technically, it'd be possible to generate a presigned URL for S3 or CloudFront to allow authenticated access to the underlying S3 bucket, but if you allowed them to upload files directly to where they would be accessible by other users, there'd be nothing to prevent them from maliciously uploading dangerous or even illegal content.

Since you're familiar with developing your application running on your EC2 instance, perhaps the easiest way would be for the files to be uploaded initially to the code you have running there, enforce the size limit (in bytes), and optionally put it through an anti-malware scan with ClamAV, for example. You could check the file for expected format and pixel size and perhaps also normalise its size with an image processing library, like ImageMagick, and perhaps also put it through a manual review process before allowing it to be shown to other users.

Once the picture has been validated, preprocessed, and optionally approved for publishing, you could upload it from your application on the EC2 instance to your S3 bucket, making it accessible via CloudFront.

EXPERT
Leo K
answered 3 months ago
  • Thank you! But I just want to view the profile image in my application.

  • Where is the profile image? Is it in the S3 bucket in one of the paths published via your CloudFront distributions?

  • Yes, I have a separate S3 bucket for profile images
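
The server-side checks described in the answers above (byte limit, JPEG/PNG only, pixel size, generated file name), as an added example that is not code from either answer. The limits, the `avatars/` key prefix and all function names are assumptions. It inspects headers only, so it runs before, not instead of, a full decode with an image library and any malware scan.

```python
import secrets
import struct

MAX_BYTES = 2 * 1024 * 1024      # assumed byte limit for a profile picture
MAX_PIXELS = 2048                # assumed maximum width and height
PNG_SIG = b"\x89PNG\r\n\x1a\n"

class RejectedUpload(ValueError):
    """Raised when the upload must not be stored in the bucket."""

def png_size(data):
    # IHDR must be the first chunk: length(4) type(4) width(4) height(4)
    if len(data) < 24 or data[12:16] != b"IHDR":
        raise RejectedUpload("PNG without IHDR header")
    return struct.unpack(">II", data[16:24])

def jpeg_size(data):
    pos = 2                                  # skip the SOI marker FF D8
    while pos + 9 <= len(data):
        marker = data[pos + 1]
        (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if data[pos] != 0xFF or seg_len < 2:
            raise RejectedUpload("corrupt JPEG segment")
        # SOF0..SOF15 carry the frame size; C4, C8, CC are not frame headers
        if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
            height, width = struct.unpack(">HH", data[pos + 5:pos + 9])
            return width, height
        pos += 2 + seg_len
    raise RejectedUpload("JPEG without frame header")

def check_profile_picture(data):
    """Return (object_key, content_type, width, height) or raise RejectedUpload."""
    if len(data) > MAX_BYTES:
        raise RejectedUpload("file too large")
    if data.startswith(PNG_SIG):
        ext, ctype, (w, h) = "png", "image/png", png_size(data)
    elif data.startswith(b"\xff\xd8\xff"):
        ext, ctype, (w, h) = "jpg", "image/jpeg", jpeg_size(data)
    else:
        raise RejectedUpload("not a JPEG or PNG")
    if not (0 < w <= MAX_PIXELS and 0 < h <= MAX_PIXELS):
        raise RejectedUpload("unsupported pixel size")
    # Server-generated key: nothing from the client's file name reaches S3
    return f"avatars/{secrets.token_hex(16)}.{ext}", ctype, w, h

# Constructed sample: PNG signature plus an IHDR chunk for a 256x128 image
SAMPLE_PNG = PNG_SIG + struct.pack(">I4sII", 13, b"IHDR", 256, 128) + bytes(5)
if __name__ == "__main__":
    print(check_profile_picture(SAMPLE_PNG))
```

The returned key and content type are what the backend would pass to its S3 upload call; the URL stored with the user record is the distribution's domain followed by that key.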
