I'm working on an app for my company that allows users to upload images via pre-signed URLs to our S3 bucket. Currently, this bucket is public-read because the information isn't highly sensitive, but I want to change it to private for security reasons. My main concern is how to display a gallery with, say, 100 thumbnails. If the bucket is private, do I really need to send 100 separate requests to generate pre-signed URLs for each image? Is there a more efficient way to handle this, perhaps by using a token or header to authorize users automatically?
3 Answers
You might want to check out CloudFront for this! It can serve as a public endpoint and handle the access control for your private S3 bucket. This way, you won't need pre-signed URLs for reading images, which should simplify things significantly. You'd set up CloudFront to read from your S3 bucket while leaving the upload process as it is. Plus, CloudFront's caching will reduce the number of requests to your bucket.
Serving content directly from the S3 bucket isn't the best idea, as it can lead to higher costs. Using a CDN like CloudFront is definitely the way to go for improved performance and cost efficiency.
In response to your concern about the 100 URLs, you actually don't need to hit your backend 100 times. Instead, your client can send one request to get a batch of pre-signed URLs from your backend in a single response. That way, it's much more efficient, and it saves on API calls.
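As an added illustration of that batching idea (example code, not from the answer above or any AWS library): a single backend endpoint that signs every key in a gallery page and returns the map in one response. It implements SigV4 query-string presigning with the standard library only, so it runs offline; the bucket name, region and credentials are constructed placeholders, and the virtual-hosted URL format and the batch cap are assumptions, not something the page specifies.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote

# Constructed placeholder values for the example; none of these are real.
BUCKET = "example-gallery-bucket"
REGION = "us-east-1"
ACCESS_KEY = "AKIAEXAMPLEKEY0000"
SECRET_KEY = "examplesecretkey/not/real"
MAX_BATCH = 100         # assumed cap on keys signed per backend call
DEFAULT_EXPIRES = 300   # seconds; short-lived read links limit how long a leaked URL works


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def presign_get(key: str, now: datetime, expires: int = DEFAULT_EXPIRES) -> str:
    """Build a SigV4 query-string pre-signed GET URL (virtual-hosted style) with no network call."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = now.strftime("%Y%m%d")
    scope = f"{date}/{REGION}/s3/aws4_request"
    host = f"{BUCKET}.s3.{REGION}.amazonaws.com"
    path = "/" + quote(key, safe="/-_.~")  # each path segment percent-encoded, "/" kept
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    # Canonical query string: parameters sorted by name, values percent-encoded.
    qs = "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}" for k, v in sorted(params.items()))
    canonical = "\n".join(["GET", path, qs, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical.encode()).hexdigest()])
    # Derive the signing key: kDate -> kRegion -> kService -> kSigning.
    k = _hmac(("AWS4" + SECRET_KEY).encode(), date)
    for part in (REGION, "s3", "aws4_request"):
        k = _hmac(k, part)
    signature = hmac.new(k, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{path}?{qs}&X-Amz-Signature={signature}"


def presign_batch(keys, now=None):
    """One backend call for a whole gallery page: returns {object_key: presigned_url}."""
    if len(keys) > MAX_BATCH:
        raise ValueError(f"batch of {len(keys)} exceeds limit of {MAX_BATCH}")
    now = now or datetime.now(timezone.utc)
    return {k: presign_get(k, now) for k in keys}


if __name__ == "__main__":
    urls = presign_batch([f"thumbs/{i}.jpg" for i in range(100)])
    print(urls["thumbs/0.jpg"])
```

The client makes one request for the 100 keys it is about to render and receives all 100 URLs; the backend still decides which keys the caller may see before signing them.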
Yeah, exactly! Just set up a CloudFront distribution for reading images, adjust the bucket policy so CloudFront can access them, and you won't have to worry about public access directly to S3.