I’m amazed at how many S3 tutorials leave the permissions/acl as ‘public-read’. I’m using
edgee:slingshot for uploads. I would like to secure downloads from clients to my S3 buckets.
- On a click event the client calls a method
- My server gets the temporary URL from AWS and returns that in the method - http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationQueryStringAuth
- The client redirects to the URL
Am I on the right track? Has anyone else implemented this?