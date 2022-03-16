Amazon S3 multiple subdomains and private files

PHP
#1

Hi,

I’ve got multiple subdomains and for each subdomain I would like to store some files on amazon S3 and all these files are private so can only be downloaded after user logs in. Also, some of the files are for a specific user others are for multiple users. Is it possibile with Amazon S3? and what is the best way to achieve this?

Many thanks

#2

What you can do is keep all files in the S3 buckets private, and once you’ve decided in the application that someone is allowed to access one of those files, generate a presigned URL for them (see https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html).
The user can then visit the URL for a limited amount of time (which you can specify when creating the signed URL), after which the URL will no longer work.
There is of course still the chance that the user will share such a URL with someone else, but the change gets smaller as you make the time that the link is valid smaller.

#3

Hi @rpkamp many thanks for your reply. I would like to ask you some clarification:

I suppose i need to assign the file details (not sure what details I will then need to identify the file on amazon S3 for the future download) to a specific user in mysql database correct? Then check if that file is assigned to the user and then generate the presigned URL.

Also avoid confusion between different subdomain I would like to upload different files for each subdomain into subdomain folders inside the same bucket will it be possible? How do I then identify where the file is stored on Amazon s3 bucket when I need to create the presigned URL?

Many thanks

#4

Yes. You’d need to store the connection between a user and which files they are allowed to access in the database.

S3 supports creating directories as well as files, so you can create any structure you like and save the file path in the database. You can that use that path to ask the S3 API to generate a presigned URL.

As for the subdomains, that could be the first level of folders.

So a path might look something like

foo.example.com/subfolder/subsubfolder/Lorem.pdf

You can create a URI with s3 as the schema and the bucket name as the “host” if that is easier. At least then there won’t be any confusion as to which bucket the file is in.

That would look something like

s3://my-bucket/foo.example.com/subfolder/subsubfolder/Lorem.pdf

You can then use parse_url in PHP to get the separate parts (bucket name, path) out.

1 Like
#5

Yes I was thinking about creating several buckets to match with each single subdomain but I believe I read somewere that there is a limit on how many buckets can be created. I might be wrong though

Checking the code on aws-sdk here https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/php/example_code/s3/PresignedURL.php

I can see this code:

//Creating a presigned URL
$cmd = $s3Client->getCommand('GetObject', [
    'Bucket' => 'my-bucket',
    'Key' => 'testKey'
]);

it passes the bucket name (not sure if I can pass the bucket subdirectory for example my-bucket/subdomain)? The key I suppose will be the same for each subdomain as it is refered to the bucket and not the folder insed it correct?

#6

The Bucket is just the bucket name. No folders here.

The Key is the path of the file within the given bucket (including any directories).

1 Like
#7

Perfect sorry very silly I thought the key was somthing else :frowning: I should heve read documentation. Many thanks for your help :wink:

1 Like
#8

No worries. The name Key is quite confusing. It’s also a term often used in cryptography, which makes it even more confusing combined with presigned URLs.

Oh well.