CDP:Private Distribution Pattern

From AWS-CloudDesignPattern
Revision as of 00:33, 28 November 2012 by Cdpadmin (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Data Delivery to Specified Users


Problem to Be Solved

Internet storage has both high availability and high durability, and targets delivery of large content files and frequently accessed content files. However, when delivering content to only specified users, cooperation with the validation systems of the applications that created the content is indispensable. This makes it difficult to achieve access control with Internet storage alone.

Explanation of the Cloud Solution/Pattern

You can use a function for publishing limited URLs, provided by Internet storage, to set up access-origin IP addresses and access-enabled time intervals. You can issue URLs for individual users, and have content that is downloadable by only those limited URLs, to prevent downloading if a link has expired or if an individual with a different IP address attempts access. Essentially, this lets you provide content to specified users only.


  • Prepare the S3 apitool or the AWS SDK.
  • After execution of user validation on the local system, use an API to generate a limited URL for each content object published to that user.
  • Use the URL table that is generated to generate webpages dynamically.
  • Use the limited URLs as the link (download) destinations in the content, such as the HTML, that is generated.




  • This enables delivery of private content through time-limited use by specified users only.
  • Because the actual content download is performed directly from S3 (rather than passing through an EC2 instance), the properties of S3 of being robust to load and to failures are directly applicable.


  • You must provide a validation system and a server for issuing time-limited URLs.
  • Even if the user validation has not expired, the term of effectiveness of the URL will expire, preventing downloading.


Generally you would use this pattern in combination with an application validation system. In the case of content that can be accessed by all logged-in users, you can create webpages using URLs generated manually, using, for example, a third-party tool (such as CloudBerryExplorer), if not generating the limited URLs automatically.

Personal tools