I want to create a one time download link to an amazon s3 hosted file. This link expires once the file has been downloaded.
我想创建一个亚马逊s3托管文件的一次性下载链接。文件下载后,此链接将过期。
I want this file to still be hosted but a visitor can only download the file once.
我希望仍然可以托管此文件,但访问者只能下载一次该文件。
The scenario I need this for is: I have a file download website where users pay for a file. I want the user to only be able to download the file once from the website (and Amazon s3), I also do not want the user to be able to share a direct download link with other people.
我需要这个场景是:我有一个文件下载网站,用户在那里支付文件费用。我希望用户只能从网站(和亚马逊s3)下载文件一次,我也不希望用户能够与其他人共享直接下载链接。
If this isn't possible I wonder if it is more efficient to limit it by an IP address or Cookie if possible?
如果这是不可能的,我想知道如果可能的话,用IP地址或Cookie来限制它是否更有效?
3 个解决方案
#1
13
There is no way to tell S3 to allow a link to be used only once. But you can create a link that can only be used until a specified time. What I do is redirect the requester to an S3 link that expires in a few minutes, so he or she doesn't have time to share it. You can make that expiration time very short, even a few seconds, so long as their browser has time to receive the redirect response and follow it.
无法告诉S3允许链接仅使用一次。但是您可以创建一个只能在指定时间之前使用的链接。我所做的是将请求者重定向到几分钟内到期的S3链接,因此他或她没有时间分享它。只要浏览器有时间接收重定向响应并遵循它,您就可以将到期时间设置得非常短,甚至几秒钟。
#2
3
You can write an "one time url generator" service (either in form of website or rest API) and make use of aws federated user feature to achieve this.
您可以编写“一次性URL生成器”服务(以网站或其他API的形式)并使用aws联合用户功能来实现此目的。
Consider the following procedure:
请考虑以下过程:
- When user wants a one time url, they send the request to your "one time url generator" service.
- 当用户想要一次性网址时,他们会将请求发送到您的“一次性网址生成器”服务。
- The your service generates a "one time url" and returns it to the user. The url is a one-to-one mapping to the S3 resource the user wants.
- 您的服务生成“一次性URL”并将其返回给用户。 url是用户想要的S3资源的一对一映射。
- When the user makes a requests to the "one time url", the service creates a temporary user using the AWS federated user feature, and generates an S3 presigned url on behalf of the temporary user.
- 当用户向“一次性URL”发出请求时,该服务使用AWS联合用户功能创建临时用户,并代表临时用户生成S3预签名URL。
- The service sends the response back to the user, redirecting to the presigned url.
- 服务将响应发送回用户,重定向到预先签名的URL。
- The user follows the redirection, and starts downloading the file.
- 用户遵循重定向,并开始下载文件。
- The service then deletes the temporary user. (Or lets it expire.)
- 然后该服务删除临时用户。 (或让它过期。)
#3
0
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateCFSignatureCodeAndExamples.html
Use a signed URL. Only this user can use this URL. It also relies on the AWS SDK
使用签名的URL。只有此用户才能使用此URL。它还依赖于AWS SDK
#1
13
There is no way to tell S3 to allow a link to be used only once. But you can create a link that can only be used until a specified time. What I do is redirect the requester to an S3 link that expires in a few minutes, so he or she doesn't have time to share it. You can make that expiration time very short, even a few seconds, so long as their browser has time to receive the redirect response and follow it.
无法告诉S3允许链接仅使用一次。但是您可以创建一个只能在指定时间之前使用的链接。我所做的是将请求者重定向到几分钟内到期的S3链接,因此他或她没有时间分享它。只要浏览器有时间接收重定向响应并遵循它,您就可以将到期时间设置得非常短,甚至几秒钟。
#2
3
You can write an "one time url generator" service (either in form of website or rest API) and make use of aws federated user feature to achieve this.
您可以编写“一次性URL生成器”服务(以网站或其他API的形式)并使用aws联合用户功能来实现此目的。
Consider the following procedure:
请考虑以下过程:
- When user wants a one time url, they send the request to your "one time url generator" service.
- 当用户想要一次性网址时,他们会将请求发送到您的“一次性网址生成器”服务。
- The your service generates a "one time url" and returns it to the user. The url is a one-to-one mapping to the S3 resource the user wants.
- 您的服务生成“一次性URL”并将其返回给用户。 url是用户想要的S3资源的一对一映射。
- When the user makes a requests to the "one time url", the service creates a temporary user using the AWS federated user feature, and generates an S3 presigned url on behalf of the temporary user.
- 当用户向“一次性URL”发出请求时,该服务使用AWS联合用户功能创建临时用户,并代表临时用户生成S3预签名URL。
- The service sends the response back to the user, redirecting to the presigned url.
- 服务将响应发送回用户,重定向到预先签名的URL。
- The user follows the redirection, and starts downloading the file.
- 用户遵循重定向,并开始下载文件。
- The service then deletes the temporary user. (Or lets it expire.)
- 然后该服务删除临时用户。 (或让它过期。)
#3
0
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateCFSignatureCodeAndExamples.html
Use a signed URL. Only this user can use this URL. It also relies on the AWS SDK
使用签名的URL。只有此用户才能使用此URL。它还依赖于AWS SDK