How to configure AWS for secure video storage? - amazon-web-services

I am pretty new to AWS. I want to store my video files in an S3 bucket and host them on my website using CloudFront. Users should be able to download videos only after logging onto my website.
How do I go about implementing this? Since I am new to AWS, a tutorial link would be very helpful. Thank you.
Also, if you could suggest other cheaper but reliable CDNs for video files, it would be very helpful.

You can restrict your Amazon S3 content to accept requests only from Amazon CloudFront and also use signed, temporary URLs for content delivery, thus serving private content through CloudFront.
See: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html

Related

Use S3 for website in multi-regions

I want to host my website in S3 (because it seems cheaper and I don't have server-side script). I have a domain, and I want my domain to link to my S3 website. So far, what I do is enable Static website hosting in my S3 website bucket and set the Route53 record set's Alias Target to my S3 website. It's working. But it's not good enough; I want it to deal with multiple regions.
I know that Transfer acceleration can auto sync files to other regions so it's faster for other regions. But I don't know how to make it work with Route53. I hear that some people use CloudFront to do that but I don't quite understand how. And I don't want to manually create buckets in several regions and manually set up for each region.
Do you have any suggestions for me?

If your goal is to reduce latency for users worldwide, then Amazon CloudFront is definitely the way to go.
Amazon CloudFront has over 100 edge locations globally, so it has more coverage than merely using AWS regions.
You simply create a CloudFront distribution, point it to your S3 bucket and then point your domain name to CloudFront.
Whenever somebody accesses your content, CloudFront will retrieve it from S3 and cache it in the edge location closest to that user. Then, other users who want the data will receive it from the local cache. Thus, your website appears fast for many users.
See also: Amazon CloudFront pricing

What AWS instance should i use?

I have a single HTML landing page and I expect around 50,000 to 100,000 visitors per day
(no server-side code).
Only HTML and a little bit of JavaScript.
So what AWS instance type should I use so my webpage will not crash? Right now I have the free tier: t2.micro with Windows Server 2016. Do I need to upgrade, or is this good enough?
Thanks.

Using AWS S3 Only
For static page hosting you can use AWS S3. You need to create an S3 bucket and enable static website hosting. For more details refer to Example Walkthroughs - Hosting Websites on Amazon S3.
Using AWS S3 & CloudFront
Since you are expecting more traffic, you can reduce the cost and improve the performance by using AWS CloudFront, where it will cache the content at Edge locations of the content delivery network. You can also set up free AWS Certificate Manager issued SSL Certificates if you use CloudFront.
If there is no backend code, then you can do it using just S3 and CloudFront.

S3 and Web Applications

I am making an app that uses S3 to store a lot of user media which I then display to the user at a later time. I am trying to figure out the best and most secure way to accomplish this.
I read that storing the media at S3 and then using the URL from S3 to load media might be a bad choice because it can expose information that you might not want out in the open. Is it right to download all media to the server from S3 before loading it on a page? That seems like it defeats the purpose of S3 in the first place if I have to keep downloading media from there in order to display it.
What is the best practice for accomplishing this?
I would appreciate a little advice.
Thanks!

There are many different ways to use S3. There isn't a single "best-practice".
Serve all content through web server:
In this scenario, S3 is used simply as a storage medium. Content is requested through the web server, which then downloads the content from S3 and forwards the contents to the client.
In this scenario, the client is not aware of the S3 bucket.
This does not defeat the purpose of S3 because the purpose of S3 (in this scenario) is content storage, not delivery.
Serve content from a public S3 bucket:
In this scenario, you set up your S3 bucket to serve up the content directly. In this case, all of the content is public, so direct linking to the content from the web app is used. All content in the S3 bucket can be downloaded by anyone.
The bucket can be referenced as bucket.s3-website.amazonaws.com, or under your own domain.
This scenario has the benefit that it offloads the delivery of the content from your web server.
Serve content from a private S3 bucket:
In this scenario, your bucket is private, but you still serve up the content directly. Using this system, you create expiring pre-signed URLs to protect the private content. The content is downloaded directly from S3, but not all content can be downloaded by everyone.
Like the previous scenario, this scenario has the benefit that it offloads the delivery of the content from your web server.
CloudFront:
You can use CloudFront in front of your app and/or S3 buckets to do any of the following:
cache the content, speeding up global delivery,
protect your web server, in conjunction with WAF
Final thoughts:
The setup you choose depends on your application.

Websites hosted on Amazon S3 loading very slowly

I have an application which is a static website builder. Users can create their websites and publish them to their custom domains. I am using Amazon S3 to host these sites and a proxy server, nginx, to route the requests to the S3 bucket hosting the sites.
I am facing a load time issue. As S3 specifically is not associated with any region and the content is entirely HTML, there shouldn't ideally be any delay. I have a few CSS and JS files which are not too heavy.
What can be the optimization techniques for better performance? E.g. will setting headers or leveraging caching help? I have added an image of the Pingdom analysis for reference.
Also, I cannot use CloudFront, as when the user updates an image the edge locations have a delay of a few minutes before the new image is reflected. It is not an instant update, hence restricting the use for me. Any suggestions on improving it?

S3 HTTPS access from a different region is extremely slow, especially the TLS handshake. To solve the problem we invented Nginx S3 proxy, which can be found over the web. S3 is the best as origin source but not as a transport endpoint.
By the way, try to avoid your "folder" as a subdomain, but specify only the S3 regional(!) endpoint URL instead, with the long version of the endpoint URL; never use https://s3.amazonaws.com
One good example that reduces the number of DNS calls is the following:
https://s3-eu-west-1.amazonaws.com/folder/file.jpg

Your S3 buckets are associated with a specific region that you can choose when you create them. They are not geographically distributed. Please see the AWS doc about S3 regions: https://aws.amazon.com/s3/faqs/
As we can see in your screenshot, it looks like your bucket is located in Singapore (ap-southeast-1).
Are your clients located in Asia? If they are not, you should try to create buckets nearer, in order to reduce data access latency.
About CloudFront, it should be possible to use it if you invalidate your objects, or just use new filenames for each modification, as tedder42 suggested.

How private are the pictures on Amazon S3 with these settings?

I have a feature on my website where users can upload images. Users can see their own images but not others'. The images are stored on Amazon S3 but uploaded and viewed on my website, which is at a web host and not on S3.
I have tried to show the pictures on my website through my private key when the pictures are private at Amazon, but failed.
Found this post: http://blog.learningtree.com/configuring-amazon-s3-to-serve-images which describes how to make the images/files more private even if they are set to public on S3. The site suggests stopping search engines with a robots.txt file and only serving images to people who are coming from my domain, to stop hot-linking.
Do you think this is enough if I make them public on S3, or should I think about something else?

You can also configure the images on S3 to be private, and then generate pre-signed URLs in your app. That way, you can include an expiry time within the link.
From Authenticating REST Requests in the S3 docs:
For example, if you want to enable a user to download your private data directly from S3, you can insert a pre-signed URL into a web page before giving it to your user.
People can then only use the generated URL for a certain time. If they come through your app, it will always generate a link for some time in the future (say, 15 minutes as an example). If people pass around the links to these images, these links auto-expire.
Most S3 SDKs have higher-level methods to pre-sign those URLs.
Relevant: How secure are presigned URLs in AWS S3? here on SO.
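
An added example, not part of the original answers: the SigV4 query-string signing behind the expiring pre-signed URLs described above (and in the private-bucket scenario earlier on the page), in standard-library Python. `presign_get` and `s3_would_accept` are hypothetical names, the latter a simplified model of the service-side check, and the bucket, key and credentials are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, urlsplit

ALGO = "AWS4-HMAC-SHA256"

def _signature(secret, host, path, query, amz_date, scope):
    # Canonical request: method, URI, query, headers, signed header list, payload hash.
    canonical = "\n".join(["GET", path, query, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join([ALGO, amz_date, scope, hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret).encode()
    for part in scope.split("/"):  # key derivation chain: date, region, "s3", "aws4_request"
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()

def presign_get(bucket, key, access_key, secret, region, expires, now):
    """Build a SigV4 pre-signed GET URL for a private object; `now` is a UTC datetime."""
    if not 1 <= expires <= 604800:  # SigV4 pre-signed URLs last at most 7 days
        raise ValueError("expires must be between 1 and 604800 seconds")
    host = f"{bucket}.s3.{region}.amazonaws.com"
    path = "/" + quote(key, safe="/")
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": ALGO,
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in sorted(params.items()))
    return f"https://{host}{path}?{query}&X-Amz-Signature={_signature(secret, host, path, query, amz_date, scope)}"

def s3_would_accept(url, secret, at):
    """Simplified model of the service-side check (hypothetical helper, not an AWS API)."""
    u = urlsplit(url)
    query, _, sig = u.query.rpartition("&X-Amz-Signature=")
    p = dict(parse_qsl(query))
    scope = p["X-Amz-Credential"].split("/", 1)[1]
    start = datetime.strptime(p["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    expected = _signature(secret, u.netloc, u.path, query, p["X-Amz-Date"], scope)
    in_window = at < start + timedelta(seconds=int(p["X-Amz-Expires"]))
    return hmac.compare_digest(expected, sig) and in_window

if __name__ == "__main__":  # constructed sample values, not real credentials
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    url = presign_get("example-videos", "courses/intro.mp4", "AKIAEXAMPLE", "constructed-secret", "eu-west-1", 900, t0)
    print(url, s3_would_accept(url, "constructed-secret", t0 + timedelta(minutes=16)))
```

In an application the SDK's own pre-sign method does this work; the point here is that the expiry and object path are covered by the signature, so a recipient cannot extend or retarget a link by editing `X-Amz-Expires` or the key.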