gpt4 book ai didi

cdn - 通过 CDN 为 protected Assets 提供服务

转载 作者:行者123 更新时间:2023-12-04 02:07:36 28 4
gpt4 key购买 nike

我们希望提供来自少数可用 AWS 区域的大量视频文件。目标受众来自全局多个地点。不保证连接速度。因此,绝对需要 CDN(最好是 CloudFront)。

视频需要受到保护,因此只有在用户经过身份验证和授权才能观看这些视频的情况下才能播放。显然,谁可以看到什么以及何时可以看到的逻辑是应用程序的一部分。从源头流式传输视频会慢得令人无法接受。公开和缓存视频也不是一种选择。

人们如何解决此类问题?

最佳答案

Amazon CloudFront还提供Serving Private Content through CloudFront解决您的用例:

Many companies that distribute content via the Internet want to restrict access to documents, business data, media streams, or content that is intended for selected users, for example, users who have paid a fee. To securely serve this private content using CloudFront, you can:

  • Require that your users use special CloudFront signed URLs to access your content, not the standard CloudFront public URLs.

  • Require that your users access your Amazon S3 content using CloudFront URLs, not Amazon S3 URLs.



由应用程序生成和分发所需的 Signed URLs但是,考虑到谁可以看到什么以及何时是应用程序逻辑的一部分的逻辑,您似乎已经为该部分做好了充分的准备。

请注意,您需要确保 Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content以便用户无法泄漏/猜测 S3 URL,并且确实需要通过 CloudFront。

If you want to use CloudFront signed URLs to provide access to objects in your Amazon S3 bucket, you probably also want to prevent users from accessing your Amazon S3 objects using Amazon S3 URLs. If users access your objects directly in Amazon S3, they bypass the controls provided by CloudFront signed URLs, including control over when a URL expires and control over which IP addresses can be used to access the objects. [...]

You restrict access to Amazon S3 content by creating an origin access identity, which is a special CloudFront user. You change Amazon S3 permissions to give the origin access identity permission to access your objects, and to remove permissions from everyone else. [...]

[emphasis mine]

关于cdn - 通过 CDN 为 protected Assets 提供服务,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23580046/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com