0

I'm trying to figure out a way to grant Open/Download permissions to files that users upload to a bucket of mine. I was reading this: amazon S3 bucket policy - restricting access by referer BUT not restricting if urls are generated via query string authentication, and used it to implement referral based downloads, but what I'm trying to do is: User A uploads a file, only User A and root can access said file. User B uploads a file, only User B and root can access said file.

I'm already adding an account ID to the metadata of each file. Is it possible to use that for authentication? Run an if($s3->get_object_metadata('account_id', $file))=='123'{provide access}?

Community
  • 1
  • 1
David
  • 2,094
  • 3
  • 30
  • 47

1 Answers1

1

A couple of things.

  1. Firstly, please for the love of God, migrate to AWS SDK for PHP 2. SDK 1.x is on the way out, and hasn't received any updates in a while.

  2. Having done that, you can use S3Client::putBucketPolicy() to grant access to a bucket by Canonical User ID (a.k.a., Account ID). That way, you push the responsibility of managing access control back onto the S3 service. When a user tries to access the object, they'll either get a 200 (201, 204, 304, 307), or a 403 if they're not allowed to access it.

  3. If you choose to stay on SDK 1.x, the equivalent method is AmazonS3::set_bucket_policy().

Ryan Parman
  • 6,855
  • 1
  • 29
  • 43