Tuesday, January 18, 2011

Simplifying AWS S3 Bucket Sharing

The problem with sharing buckets on Amazon's S3 is that it's too complicated for the casual user.

I have yet to see a simpler way to share a bucket on S3 other than the technique outlined in the link above, but I envision a "Share my bucket" link on a web page which, when clicked, pops up the following widget:



When the user clicks the Share Bucket button, the user's web browser would communicate directly with AWS to share the bucket. The fact that the Secret Access Key is not stored by the third party's (developer's) server is important for this to work and be trusted.

AJAX Limitations
Of course, this technique may require a little AJAX finessing, since browsers only allow an XMLHttpRequest back to the same host name, port, and protocol that the web page originated from (the same-origin policy). So, the web app developer may need their own web server (e.g. Apache with its rewrite engine) to proxy the XMLHttpRequest.
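
The following added example (not code from the original post) shows the signing step the widget's browser code would perform: the Secret Access Key is used only locally to compute an HMAC, so a proxy that relays the request sees the signature but never the key. It assumes S3's legacy Signature Version 2 REST scheme and the `x-amz-grant-read` header; the function names, credentials, bucket and grantee are constructed for illustration.

```javascript
// Added example, not from the original post. Node's crypto module stands in
// for a browser HMAC-SHA1 routine so the block runs offline.
const crypto = require('crypto');

// Constructed sample credentials (not real keys).
const SAMPLE_CREDS = {
  accessKeyId: 'AKIDEXAMPLE',
  secretAccessKey: 'constructed-secret-not-a-real-key',
};

// Signature Version 2 string-to-sign for a request on the bucket's ?acl
// subresource: verb, Content-MD5, Content-Type, Date, x-amz-* headers, resource.
function stringToSign(method, bucket, amzHeaders) {
  const canonical = Object.entries(amzHeaders)
    .map(([name, value]) => [name.toLowerCase(), String(value).trim()])
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
    .map(([name, value]) => `${name}:${value}\n`)
    .join('');
  // MD5, type and Date stay empty: there is no body, and x-amz-date replaces
  // the Date header, which browser script is not allowed to set.
  return `${method}\n\n\n\n${canonical}/${bucket}/?acl`;
}

// Builds the signed request. Note that PUT ?acl replaces the bucket's whole ACL.
function signShareRequest(creds, bucket, granteeEmail, now) {
  // Reject quotes and whitespace so user input cannot add header content.
  if (!/^[^\s"@]+@[^\s"@]+$/.test(granteeEmail)) {
    throw new Error('invalid grantee e-mail address');
  }
  if (!/^[a-z0-9.-]{3,63}$/.test(bucket)) {
    throw new Error('invalid bucket name');
  }
  const amzHeaders = {
    'x-amz-date': now.toUTCString(),
    'x-amz-grant-read': `emailAddress="${granteeEmail}"`,
  };
  const signature = crypto
    .createHmac('sha1', creds.secretAccessKey)
    .update(stringToSign('PUT', bucket, amzHeaders), 'utf8')
    .digest('base64');
  // Only the access key id and the signature leave this function.
  return {
    method: 'PUT',
    url: `https://s3.amazonaws.com/${bucket}/?acl`,
    headers: { ...amzHeaders, Authorization: `AWS ${creds.accessKeyId}:${signature}` },
  };
}
```

Because the signature is bound to the key pair that produced it, deleting that pair after the bucket is shared, as the next section suggests, leaves any captured request useless.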

Added Security
Also, for added security, the developer should be able to create a new pair of AWS Access Credentials, since up to two can be created at one time. Then, once the bucket is shared, the developer can delete the Access Credentials used for sharing the bucket.
