I am looking for a quick/cheap way to implement the access management of a CDN containing images.
context
A user usually requests a high number of small images (latency should be below 200ms), and a user requests images one by one.
access management
- A user updates the permission of an image in the DB
- A permission hook is triggered and updates the permission file of the image (add user id in the file)
- Upload/update the S3 bucket with the new permission file
- invalidate CLOUDFRONT cache for this specific file
image request
- A user sends an HTTP request to collect an image METHOD: GET URL: URL/image-id.png HEADER: Authorisation (containing user id)
- The edge lambda intercepts the request, validates the token, uses the image id to retrieve the permission file of the image, and finally verifies if the file contains the user id.
- If any steps in point 2 fail, then the lambda returns an error message; otherwise forward the request to CDN.
What do you guys think? Is it a terrible idea?
