- 最新
- 最多得票
- 最多評論
Hi,
There is a feature of Amazon CloudFront called signed URLs which might be useful in this scenario. You will need to create these URLS programmatically but they can be valid for a long time.
You can also distribute private content using a signed URL that is valid for a longer time, possibly for years. Signed URLs that are valid for a longer period are useful for distributing private content to known users, such as distributing a business plan to investors or distributing training materials to employees. You can develop an application to generate these longer-term signed URLs for you.
You don't need to connect a CloudFront distribution to your own domain unless you want to and can just use the domain that is auto generated for the distribution.
You can't simultaneously have something be private but offer public links to it; you need some sort of proxy in between to manage the access. If you intend to limit the distribution of your digital products to only those who pay for them (or some other restriction) then you need to control access.
You could do that with IAM or bucket policies that restrict access to certain principals (identifiable things, like users or accounts), but that requires your users to identify themselves in some way. That's where signed URLs are useful, because they allow you to bake authentication and authorization into a public URL.
You can also do that via Cloudfront, restricing access to the bucket to only those who connect through a Cloudfronf Distribution. You don't need to use a custom domain to use Cloudfront, you can just use the autogenerated domain (which will be something like d111111abcdef8.cloudfront.net.
相關內容
AWS 官方已更新 2 年前- AWS 官方已更新 1 年前