How can I grant access to my cloud storage for clients?



  • I am developing a webshop for large digital products (multiple .tif image files). These are currently stored in an S3 bucket.

    What is a recommended way to grant access to my customers once they have purchased the product? I am trying to determine how to grant access to clients who may not have their own S3 account (otherwise I could set up an IAM Policy to suit), so they can access a specific folder and download all files within. Adding password protection is important, I don't want to store the data and make it public access.

    Would Google Cloud Services have additional features which might meet this requirement? Could I use an online cloud storage browser to grant access to customers without S3 details?



  • Use S3 Pre-signed URLs - here's a demo: https://aws.nz/best-practice/s3-presigned-url/

    When the customers purchase the file you'll generate a unique pre-signed URL for the file in S3 that will expire in, let's say 1 hour. You don't have to keep track of it or record it anywhere, simply generate the URL and give it to the customer. If they need to download the file again later on and still have a valid subscription (if that's a concept on your website) you can generate them a new Pre-signed URL on demand.

    Don't make the expiration too long to prevent a risk of leaking through forums, reddit, etc. It's better to make it short and generate on-demand when they need it.

    Hope that helps 🙂




Suggested Topics