如何正确使用S3在Web应用程序中传递和存储文件?

huangapple go评论80阅读模式
英文:

How to properly use s3 to deliver and store files in a web application?

问题

  1. 如果网站需要图片,请求应该首先访问我们的服务,然后从S3获取图片(反向代理),还是客户端直接请求文件?
  2. 如何隐藏文件名、路径名以及在文件请求中管理权限?
  3. 上传新内容时是否适用相同的问题?
  4. 处理S3的配额和并发请求。
英文:

So we are planning to move static content to s3 for operational reasons. I just want to understand where to place s3 in the workflow of handling a request.<br>

  1. If website requires an image, should the request hit our service first which would fetch the image from s3 (reverse-proxy) or should client directly request the file.
  2. How to hide file names ,pathnames and manage permissions in request for file?
  3. Same questions applicable for uploading new content.
  4. Handle s3 quota and parallel requests

答案1

得分: 1

我本打算进行评论,但结果变成了一个完整的答案…

  1. 两者皆可。如果您的资产是公开的,最轻量的方法是直接从公共S3存储桶中请求它们。但如果它们不是公开的,使用CloudFront可能比自行在S3请求周围进行身份验证更容易。

  2. 您可以使得位于 S3.yourBucket/A.jpeg 的资源 A.jpeg 看起来就像位于 yourWebsite.com/A.jpeg 一样使用CloudFront。如果您还想模糊文件名 A,您需要使用例如 API 网关,向前端提供文件,而不会透露任何关于它的信息。如果是我,我可能不会这么麻烦。

  3. 除非绝对必要,不要让用户上传到其他用户从中下载的同一个存储桶。根据用例,有几种上传方法。预签名 URL 非常适用于一次性使用。您还可以通过使用 Cognito,向用户提供只允许写入上传存储桶的 AWS 凭证。

  4. 没有 S3 配额限制。您将根据读取和写入付费。对于简单的网站,这些费用将非常小。如果您担心,您可以使用 CloudFront 为用户设置速率限制。您还可以使用 API Gateway 为各个用户创建限制。S3 可以非常并行化。

英文:

I was going to comment, but this turned into a full answer instead...

  1. Either. If your assets are public, the lowest-weight method is to just request them from a public S3 bucket. If they're not, though, it's probably easiest to use Cloudfront rather than rolling-your-own auth around S3 requests.

  2. You can make it look like your asset A.jpeg in S3.yourBucket/A.jpeg is at yourWebsite.com/A.jpeg using Cloudfront. If you want to also obscure the filename A, you need to use e.g. API gateway to serve you the file without revealing anything about it to your front end. If it were me, I wouldn't bother.

  3. Unless you absolutely have to, don't let users upload to the same bucket that other users download from. There are several approaches to uploads depending on the use-case. Pre-signed URL's are good for one-time use. You can also just provide the user with AWS credentials that are allowed to write-only to the upload bucket, by using Cognito.

  4. There's no S3 quota. You get charged for reads and writes. For a simple site, these charges will be tiny. If you're worried, you can use Cloudfront to rate-limit your users. You can also use API Gateway to create limits for individual users. S3 is extremely parallelizable.

huangapple
  • 本文由 发表于 2020年9月9日 02:49:23
  • 转载请务必保留本文链接:https://go.coder-hub.com/63799929.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定