Django S3 private storage

Users in my Django project can upload PDF files to a private storage. It is done using the django-private-storage package - when a user makes a request to get a file, Django checks permissions on that and then adds an X-Sendfile header so Apache would serve the file.

Now I am trying to move all that to S3 storage. I can't seem to understand how to do that. Most info that I found on the internet is telling me to put private files in a private bucket and then serve expiring links. I don't like the expiring links and I don't want to expose any S3 links. One-shot links would be fine, maybe.

Is there any way to serve files without exposing any direct S3 links and without using expiring links? Am I missing something?

The "expiring links" are S3 signed URLs that are valid for a period you can define with your request, and should be what you're indeed looking for.

Using pre-signed URLs for the client's access to files like that should be no security issue if you made sure the permissions of the files in your bucket are private.

Though, if you really wish and after measuring the impact on your bandwidth, you could proxy the file transfer through your Django app so that the S3 bucket URL is not sent client side.

