0

I have a project where I was storing files in the server itself. The storage is increasing so I need to use a bucket. I thought s3 is the way to go.

The issue is the pdf files are sensitive and I don't want to open them to public. I read about a service called CloudFront but then the new feature of Laravel TemporaryUrl as well.

So as far as I understand, I shouldn't just use s3, but I should use TemporaryUrl too. Do I need to use CloudFront too? So s3 -> CloudFront -> TemporaryUrl? Or was TemporaryUrl's purpose to eliminate CloudFront in between?

So is this enough with TemporaryUrl approach?

// For saving the file:
Storage::put('file.jpg', $contents, 'private');

// For retrieving:
if ($user->has_permission) {

   $url = Storage::disk('s3')->temporaryUrl(
      'file1.jpg', Carbon::now()->addMinutes(5)
   );
}

I am pretty confused and couldn't really find any walkthroughs on this topic. So how should I store and serve sensitive data with Laravel 5.6? I'd be glad for a clarification

senty
  • 12,385
  • 28
  • 130
  • 260

1 Answers1

2

You can use CloudFront and laravel's TemporaryUrl together. For that you just need to tell laravel s3 driver to use CloudFront url as endpoint in config/filesystem.php. Like this

's3' => [
        'driver' => 's3',
        'key' => env('AWS_ACCESS_KEY_ID'),
        'secret' => env('AWS_SECRET_ACCESS_KEY'),
        'region' => env('AWS_DEFAULT_REGION'),
        'bucket' => env('AWS_BUCKET'),
        'url' => env('AWS_URL'),
        'endpoint' => env('AWS_ENDPOINT'),
]

Now in your .env file define your clouldFront url in it like this

AWS_ENDPOINT="https://mycloud.cloudfront.net"

Now when you use laravel's TemporaryUrl it will give you cloudFront url.

EDIT: (After comment)

Do I need to use CloudFront for sensitive data

CloudFront is used for Content delivery networks (CDN). So, it has nothing to do with security it uses S3 bucket as origin and server files from there based on it configured.

S3 is enough for security?

S3 has sufficient file permission system that can protect your file, just configure it properly. You can store your file privately at S3 and then use laravel TemporaryUrl. What it does internally just create a AWS signed url with expiry time. So, yes you can use it. If any day you need to speed your file delivery then create CloudFront and use it as endpoint

rkj
  • 8,067
  • 2
  • 27
  • 33
  • I wanted to ask - Do I need to use CloudFront for sensitive data or TemporaryUrl & S3 is enough for security? – senty Jul 30 '18 at 13:31
  • 1
    CloudFront is used for Content delivery networks. So, i don't think it is related to security. S3 has sufficient permission system that can protect your file. – rkj Jul 30 '18 at 13:37
  • So just using temporaryUrl approach is enough for permissions? I'm pretty confused because I saw people using pem files etc.; but then havent seen anyone with Laravel's TemporaryUrl using those. That's why I got confused – senty Jul 30 '18 at 13:39
  • 1
    You can store your file privately at S3 and then use laravel `TemporaryUrl`. What it does internally just create a AWS signed url with expiry time. So, yes you can use it. If any day you need to speed your file delivery then create `CloudFront` and use it as endpoint. – rkj Jul 30 '18 at 13:41
  • Huge thanks for the clarification! You just shed big light – senty Jul 30 '18 at 13:49