issuhub.com

Advanced Rails - Building Industrial-Strength Web Apps in Record Time

(Tuis.) #1 
Case Study: Amazon S3 | 233

Another option, which can be incredibly useful, is to delegate access control by
including the authentication information in the query string of the object’s URI. This
is most useful when the object is still private but there are designated users without
an AWS account who should be allowed to retrieve it via plain HTT Por BitTorrent.
Basecamp uses this approach to store a company’s files. The files are kept on S3 with
a locked-down ACL, and when an authorized user requests the file, he is sent to a
URI including a signature, which is valid for a limited period of time. The format of
the URIs is such:


/objectkey?AWSAccessKeyId=AWSAccessKeyId&Expires=Expires&Signature=Signature

TheAWSAccessKeyIdandSignaturevalues are as described previously, while the
Expires value is a POSIX-time-formatted value indicating when the authorization
expires. TheExpiresvalue is also signed by the HMAC so that the recipient cannot
modify it undetected.


Architecture and Operations


S3 has a truly RESTful HTT Pinterface, in which the URIs correspond to resources
only, the proper HTT Pmethods are used according to their semantics, and status
codes are used appropriately. There are three types of resources in the S3 system:


Service
Represents the Amazon S3 service; its well-known URI ishttp://s3.amazonaws.
com/. This resource supports only one HTTP method:
GET service
Returns a list of all buckets owned by the currently authenticated user.


Bucket
Represents one bucket belonging to the authenticated user. Can be accessed
through the following URIs:



  • http://s3.amazonaws.com/bucketkey

  • http://bucketkey.s3.amazonaws.com/

  • [http://bucketkey/(if](http://bucketkey/(if) the key is a valid DNS name with a CNAME pointing
    tos3.amazonaws.com)
    A bucket resource supports the following three methods:
    PUT bucket
    Creates a bucket with the given name (as the client gets to choose the name,
    this is accomplished withPUTto the resource itself, rather thanPOSTto the
    parent). Attempting to create a bucket that already exists will return an
    HTTP 409 Conflict error code.
    GET bucket
    Retrieves a list of objects contained in the specified bucket. Takes aprefix
    parameter in the query string to list all keys that begin with a given string.

Free download pdf
Get our desktop app
Company
Features
Documentation
Resources
© ISSUHUB. 2024. All rights reserved.