How to create a free CDN, Content Delivery Network account

I was actually using Cloudinary for a while. I ultimately made the decision to move to S3 because it would be much less expensive long term and didn’t require many of the added media manipulation features. At the time I didn’t have a great understanding of fine-grained access control, which is now a huge benefit of AWS. I also have a Creative Cloud subscription and it has been on my mind if that could be used as a public-facing CDN as well. That said, S3 and AWS are working out well for my side project purposes. Much of that knowledge is directly connected to my professional work, as I’m able to speak and provide actually detailed solutions for cloud migrations, even bypassing custom REST APIs and communicating directly with services in the cloud like S3 in the browser.

This prototype demonstrates securely fetching objects from an S3 bucket directly in the browser using zero-trust signed HTTP requests for calls to the REST API. There is a basic server-side proxy to circumvent CORS, but other than that the HTTP request is created and signed in the browser and sent directly to the S3 REST API without a need for any custom middle layer.

https://uhf0kayrs4.execute-api.us-east-1.amazonaws.com/dev-test-virtual-list-flex-v1/character/1011334

This is the TypeScript S3 implementation of that, with the signHttpRequest method at the very bottom. Instead of using the S3 SDK, the HTTP request is manually created so it can be signed using that method.

This method can be applied for any JavaScript application. It can also be applied to any AWS S3 service.

This is the request that hits AWS S3 directly through a basic proxy, which would be v4 signed.

https://uhf0kayrs4.execute-api.us-east-1.amazonaws.com/awproxy/s3/classifieds-ui-prod/panelpages/63a4219d-254e-11ec-ab14-c613312e594f.json

That file has a domain object “panel page” stored in natural form as a JSON S3 object.

The same thing is also being done for OpenSearch, which is where all the application routes are being stored.

https://opensearch.org/

These two solutions combined effectively provide a feature-rich, low-cost, highly available, auto-scaling, secure alternative to a traditional relational database or even something like MongoDB. Not to mention fine-grained access control can be taken full advantage of using signed URLs to communicate with each service through federated identities in AWS Cognito.

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html

1 Like
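Added example, not part of the original post and not the poster's signHttpRequest code: a sketch of how a body-less S3 GET is signed with AWS Signature Version 4, including the session token that temporary (for example Cognito-issued) credentials carry. The function name `signS3Get` and its parameters are hypothetical, and Node's `crypto` module stands in for the browser's SubtleCrypto so the block runs offline.

```javascript
// Added example: SigV4 header signing for an S3 GET (hypothetical helper).
// Works in CommonJS and ES modules; a browser would use crypto.subtle instead.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");

const sha256Hex = (data) => nodeCrypto.createHash("sha256").update(data).digest("hex");
const hmac = (key, data) => nodeCrypto.createHmac("sha256", key).update(data).digest();

// `path` must already be URI-encoded; query strings are out of scope here.
function signS3Get({ host, path, region, accessKeyId, secretAccessKey,
                     sessionToken, amzDate, headers = {} }) {
  const date = amzDate.slice(0, 8); // YYYYMMDD part of the ISO basic timestamp
  const all = { ...headers, host,
    "x-amz-content-sha256": sha256Hex(""), // hash of the empty GET body
    "x-amz-date": amzDate };
  // Temporary credentials come with a session token that must be signed too.
  if (sessionToken) all["x-amz-security-token"] = sessionToken;

  // Canonical headers: lowercase names, collapsed whitespace, sorted by name.
  const entries = Object.entries(all)
    .map(([k, v]) => [k.toLowerCase(), String(v).trim().replace(/\s+/g, " ")])
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0));
  const signedHeaders = entries.map(([k]) => k).join(";");
  const canonicalRequest = [
    "GET", path, "", // empty canonical query string
    entries.map(([k, v]) => `${k}:${v}\n`).join(""),
    signedHeaders, all["x-amz-content-sha256"],
  ].join("\n");

  const scope = `${date}/${region}/s3/aws4_request`;
  const stringToSign =
    ["AWS4-HMAC-SHA256", amzDate, scope, sha256Hex(canonicalRequest)].join("\n");

  // Derive a key scoped to date, region and service; the secret never leaves.
  let key = `AWS4${secretAccessKey}`;
  for (const part of [date, region, "s3", "aws4_request"]) key = hmac(key, part);
  const signature = hmac(key, stringToSign).toString("hex");

  all.authorization = `AWS4-HMAC-SHA256 Credential=${accessKeyId}/${scope},` +
    `SignedHeaders=${signedHeaders},Signature=${signature}`;
  return { canonicalRequest, signedHeaders, signature, headers: all };
}
```

Because the host, timestamp, payload hash and session token are all inside the signed header set, a proxy that alters any of them invalidates the signature, and S3 rejects requests whose `x-amz-date` has drifted too far from its own clock.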