By using AWS re:Post, you agree to the Terms of Use
/Non guessable CloudFront URL/

Non guessable CloudFront URL

0

I'm wondering if there's a way to make the S3 path unguessable.

Let's suppose I have an S3 path like this: https://s3-bucket.com/{singer_id}/album/song/song.mp3, this file will be served through CloudFront, so the path will be: https://cloundfront-dist-id.com/{singer_id}/album/song/song.mp3?signature=... (I'm using signed URLs). My question is : it is possible to make the /{singer_id}/album/song/song.mp3 not guessable by hashing it using for example Lambda or Lambda@Edge function so the client will see a url like this https://cloundfront-dist-id.com/some_hash?signature= ?

Thanks in advance. https://stackoverflow.com/questions/70885356/non-guessable-cloudfront-url

I am also facing issue. Question may arise why need of hash because signed url are secure. For my side, I need such url with s3 path hidden. I am using same AWS bucket for retrieving image for internal use without signed url and sharing that file to others using signed url.

Internal USe CDN without signed url after CNAMe https://data.example.com/{singer_id}/album/song/song.mp3 Signed url https://secured-data.example.com/{singer_id}/album/song/song.mp3?signature=. &Expires ==

Since both using same AWS bucket and if someone guesses in signed url then access content https://data.example.com/{singer_id}/album/song/song.mp3?signature=. &Expires . File opens .

In this scenario, I want to hide {singer_id}/album/song/song.mp3 to some new value and file is displayed under new name

1 Answers
0

A possible solution to this is to use a proxy to fetch the actual S3 URL that is accessible though the hash URL. Use API Gateway or Application Load Balancer that would map traffic to the proxy service (likely instance or container based as an extremely large object could exceed the 15 min execution time of Lambda), which would look up the actual URL in a table, then stream the object from S3 to the instance and stream the object out to the requester. I've not implemented such a system.

answered 9 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions