I'm a Java backend engineer working on a feature that the frontend (SPA and Android) must send (large) files to S3. Since I have to manage with a lot of requests. Because of network overload reasons I'm avoiding to make a 'proxy' service where the frontend send me the file so that I can send it to S3 but I have some concern about the best way to keep my apps secure.
I looked for some solutions but I cannot find one that manages exactly what I want.
Amazon S3 upload with not showing secret key in frontend
This post has almost my answer but I don't have enough score to comment. S3 upload directly in JavaScript
I read some documentation on AWS but I still have some questions and some requisites.
- The solution may permit the client an authenticated user to send a file to s3 directly
- It may make a GET call to get some token or something like that (without sending a lot of data)
- It's to be secure (no secret key knowledge at the frontend)
Which solution may be good for me?
- The backend may generate a signing key and send it to frontend making the request to AWS (http://ift.tt/MAhjFk)
- I can use STS to generate a temporary credential for each upload.
Do you think these approach will work? Which one do you think is better? What are the trade offs? Is there other way to deal with this problem?
Aucun commentaire:
Enregistrer un commentaire