How to properly handle repeatedly served images on S3 - node.js

I am developing a web app kind of like canva so I have design images I need to store. Is the best way to store them on s3 just to manually upload each design, make the bucket public, and input the url to each image in my web app?
I ask this question because
I don't know if just making the bucket public is standard practice.
Since the user will be repeatedly loading the main page with all the designs, the images will be constantly reloading. That's why I say repeatedly in the title. Is there a way to better handle the images so it doesn't constantly request?
What I've tried- I've looked at the documentation, but honestly I do not like the AWS documentation. In my opinion it doesn't give clear answers to questions like these. I've looked for other stack overflow questions, and I could not find a lot clearly discussing this either.
Let me know if I'm not being clear on anything. Obviously I am not well versed in image storage or anything in that realm so any advice would be greatly appreciated.

Its fine to make such buckets public with permissions like u can add domain specific permission and keep it public.
If you directly serving from S3, at some point it will cost u more. Provision cloudfront with S3 to serve images. AWS already provides image handler, you can find in cloud formation templates

Related

Upload file to online storage/google drive/anything, without any prompt?

what I'm trying to do is a website for a photography contest.
I'm using Node.js, Express, MongoDB and Mongoose. I've already managed to allow users to register using MongoDB.
What I am missing now is the space to store the photographs (weight ranging from 5mb to 50mb), and I am looking for a preferably free method of doing this.
I thought of an upload to Google Drive via the API (due to the free 15gb) but I want something that is automatic, I don't want the user to enter credentials or anything else, I want the server to take care of everything by sending only a confirmation that everything went well. From what I understand through the Google API it would always be a question of requesting an authorization and access to Google, which I do not want.
I don't know if I misunderstood and if there is a way to do it through Google in the way I mean but, if there wasn't, any online storage would be fine.
Sorry for poor english. Thank you.
For what you're trying to do, I think Firebase Storage may be the best fit:
https://firebase.google.com/pricing
You 10 GB free storage, and it's probably the easiest way to do it. Here's some stuff to get started:
https://firebase.google.com/docs/storage
Best of luck!

Protecting the AWS S3 download links

I have been developing a website where people can buy digital products and then download them after the payment. I am using MERN stack and thinking of using AWS S3 for storing the digital products.
I am quite worried about implementing the security. I want to make sure that nobody can find an evil way to download files unless they purchased the product.
Not only about AWS S3 but anything you can suggest is appreciated.
I am not really an experienced guy on this industry since I am a mechanical engineer. So, I appreciate even a single bit of your suggestions.
You should use Amazon S3 pre-signed URLs.
It works like this:
All files in Amazon S3 remain private
Users interact with your website and purchase the software
Your website then generates a pre-signed URL, which is a time-limited link to a private object stored in Amazon S3
Users can click that link to download the file. After the expiry period (which you can set), the link will no longer work.
Yes, they could share that link with other people, but it would only work for the stated time period (eg 5 minutes).
The signed URL only takes a couple of lines of code to generate. It can be generated within your app, without having to make an API call to S3.

Stream videos securely using AWS CloudFront

I am attempting to serve paid videos to the users of my website, which is using php and is hosted on AWS.
I was wondering if:
1) anyone has successfully managed to serve video content through CloudFront securely? No matter what I try, FlashDownloadPlayer has managed to download the video.
2) will the video I upload automatically play in all devices/platforms regardless of input raw file I use ? I wasn't able to confirm this through AWS documentation.
Regardless, any ideas to make video downloading extremely difficult (atleast not through flashDownloadPlayer) would really be appreciated.
My videos are stored in AWS S3.
Thanks!
Yes you can do this through Cloudfront and have it be just as fast as Youtube, with a CDN on a similar scale as Google. The difference being you can make Cloudfront private and encrypted as you mention. For example, we host dozens of confidential online videos behind our business Intranet and Extranet site. Obviously the site is password protected, and the videos needed to be private. Cloudfront let's you encrypt the video and embed inside a video player such as JWPlayer. This was the only way we could pass our security audit, while still serving massive video content and have it be fast. It sounds quite involved, but we followed a great guide in this tutorial and got this going in a few hours. Very straight forward.
https://centroy.com/blog/secure-video-alternative-to-youtube

How to secure downloads using Cloudfront

I have videos containing educational content. I'd like to distribute these videos using S3 and my DNN site. I've created my s3 bucket with all the videos.
I'd like users to be able to log in and be able to download the videos that they have paid for.
Also, i'd like to prevent users from sharing video urls(hotlinking).
I've looked into private distributions but it seems a little complicated as far as signed urls.
Ideally, I'd have some kind of a policy on cloudfront that would only allow videos to be download from my own domain.(i remember doing something like this with s3 itself where i would add a custom acl that would specify the httpreferrer)
Thanks for your help, my head was about to explode due to information overload.
Cristian
The ideal would be to use a plugin that generates the expiring URLs for you.
If you are on Joomla or Wordpress, you may want to look into S3Media Stream.
Just google it and you will find it quite easily.
I hope this helps?

How to securely serve S3 files to blog

I'm starting a blog and i'm in the process of choosing where should i host it. For now i want a free solution like Blogger or Wordpress.com.
The problem i'm facing is that i want to use files i have in a S3 bucket in my blog but none of the blog solutions i found supports any kind of server code, which means that in order to use S3 query string authentication i would have to put vulnerable information in the client. For obvious reasons i don't want to do that.
So, i'm looking for ideas on how i can safely include content from S3 in a free blog host.
Im not aware of any blog software that by default supports Amazon S3. So your best shot is to get a cheap hosting (hosting is really cheap these days, a few dollars a month). Then you can install a plugin which supports Amazon S3.
I think we might need a bit more detail here. For example, if you just want to link to files on S3 from your blog, you can make the files globally readable on S3 and then just link to them, with no authentication necessary.
If you want to do something more complex, maybe look into hosting WordPress yourself using WordPress.org, at which point you can use server-side code yourself, perhaps as a plugin. Or, maybe there's an existing plugin that works with WordPress that would suit you -- there's definitely a plug-in which copies WordPress file uploads to S3 and then serves them from there, rather than from your blog host, for example. It's not free a free solution, but hosting starts pretty cheap.
For fairly obvious reasons of security, there aren't any blog service providers I can think of who provide server-side code access.

Resources