I want to create a one time download link to an amazon s3 hosted file. This link expires once the file has been downloaded.
I want this file to still be hosted but a visitor can only download the file once.
The scenario I need this for is: I have a file download website where users pay for a file. I want the user to only be able to download the file once from the website (and Amazon s3), I also do not want the user to be able to share a direct download link with other people.
If this isn't possible I wonder if it is more efficient to limit it by an IP address or Cookie if possible?
There is no way to tell S3 to allow a link to be used only once. But you can create a link that can only be used until a specified time. What I do is redirect the requester to an S3 link that expires in a few minutes, so he or she doesn't have time to share it. You can make that expiration time very short, even a few seconds, so long as their browser has time to receive the redirect response and follow it.
You can write an "one time url generator" service (either in form of website or rest API) and make use of aws federated user feature to achieve this.
Consider the following procedure:
- When user wants a one time url, they send the request to your "one
time url generator" service.
- The your service generates a "one time url" and returns it to the user. The url is a one-to-one mapping to the S3 resource the user wants.
- When the user makes a requests to the "one time url", the service creates a temporary user using the AWS federated user feature, and generates an S3 presigned url on behalf of the temporary user.
- The service sends the response back to the user, redirecting to the presigned url.
- The user follows the redirection, and starts downloading the file.
- The service then deletes the temporary user. (Or lets it expire.)
