Limit access to 'protected S3 files' for some category of users only

Question

**My situation**
I have some paying users, and some non-paying users. If the user is paying, then he should be able to access the images (saved in s3) of all other users on the website. If the user is not paying, he should not be able to access any of the images of the other users.

**What I have tried**
I have tried playing around with 'protected s3 files' that all users can access as long as they are logged in. I guess what I need is some way to further constrain these protected files to additionally be limited to users who are paying. Or maybe Im looking for something entirely different?

Answer

Hello,

In S3, we have something known as access points, which are named network endpoints that serve as the entry point for an application. Applications don't access the S3 Bucket directly but rather through the access points. With access points, we can fine-grain who has access to what in the S3 Bucket using Access Point Policies.

If you are using the SDK with your website, you can specify the access point ARN instead of the bucket name for API operations like GetObject and PutObject. If you want to use this effectively, you also have to have a solid partitioning strategy in place to make access easier.

https://docs.aws.amazon.com/sdkref/latest/guide/feature-s3-access-point.html

In addition to making the files more secure and also only accessible for a limited amount of time, you can use pre-signed URLs in conjunction with the SDK; only users who have permission to the file and also the right IAM permissions can create these pre-signed URLs

Limit access to 'protected S3 files' for some category of users only

相关内容