Distribute files from a private bucket on AWS S3

Updated . Posted . Visible to the public.

Given you store files on Amazon S3 and you need to stream those files out to people while you don't want them to be able to distribute the content simply by sharing the S3 URL.

You could either mark the bucket as private and fetch the appropriate files from S3 to your application server and stream them to the client finally. While this is possible, I'd recommend to use what AWS calls "Query String Authentication" Show archive.org snapshot .

If you're using Paperclip you can chose between two storage adapters (S3 and Fog) that are both capable of handling that for you.
See and documentation Show archive.org snapshot .

irb(main):003:0* your_model.document.public_url
=> "https://your-bucket.s3.amazonaws.com/files//foo/bar/123/456/ab/cd/1/2/3/original/Attachment.pdf"

irb(main):004:0> your_model.document.expiring_url
=> "http://s3-eu-west-1.amazonaws.com/your-bucket/files/foo/bar/123/456/ab/cd/1/2/3/original/Attachment.pdf?AWSAccessKeyId=ABSJASHJK232JAHBS&Signature=V6aJhal2kaB4bxKal23lSMV%2F9w%3D&Expires=1347889426"

The expiring_url method carries out a web service call to S3 to gain the data for AWSAccessKeyId and Signature being used within the URL. So you should not include those links within views but only when the document is requested, i.e. link to attachments/:id and receive + redirect to the expiring_url when the show method of your AttachmentsController.

Thomas Eisenbarth
Last edit
License
Source code in this card is licensed under the MIT License.
Posted by Thomas Eisenbarth to makandra dev (2012-09-17 13:01)