Basecamp uses this approach to store a company's files. The files are kept on S3 with
a locked-down ACL, and when an authorized user requests the file, he is sent to a
URI including a signature, which is valid for a limited period of time. The URIs
have the following format:
/objectkey?AWSAccessKeyId=AWSAccessKeyId&Expires=Expires&Signature=Signature
The AWSAccessKeyId and Signature values are as described previously, while the
Expires value is a POSIX-time-formatted value indicating when the authorization
expires. The Expires value is also signed by the HMAC so that the recipient cannot
modify it undetected.
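The following Ruby sketch is an added example, not code from the book or from Amazon. It assumes the legacy S3 query-string signing scheme (HMAC-SHA1 over the verb, blank Content-MD5 and Content-Type lines, the Expires value, and the resource path); the credentials, object path, and helper names are constructed for illustration.

```ruby
require "openssl"
require "base64"
require "uri"

# Constructed sample credentials, not real AWS keys.
ACCESS_KEY_ID = "AKIDEXAMPLE"
SECRET_KEY    = "constructed-secret-for-illustration"

# Assumed legacy S3 query-string scheme: the HMAC covers the verb, empty
# Content-MD5 and Content-Type lines, the Expires value, and the resource.
def sign(resource, expires, verb = "GET")
  data = "#{verb}\n\n\n#{expires}\n#{resource}"
  Base64.strict_encode64(
    OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha1"), SECRET_KEY, data))
end

# Builds /objectkey?AWSAccessKeyId=...&Expires=...&Signature=...
def signed_uri(resource, expires)
  sig = URI.encode_www_form_component(sign(resource, expires))
  "#{resource}?AWSAccessKeyId=#{ACCESS_KEY_ID}&Expires=#{expires}&Signature=#{sig}"
end

# Comparison that does not stop at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical service-side check: recompute the HMAC over the Expires value
# the client presented, so an edited Expires no longer matches the signature.
def valid_request?(uri, now)
  path, query = uri.split("?", 2)
  params = URI.decode_www_form(query.to_s).to_h
  expires = params["Expires"].to_s
  return false unless expires.match?(/\A\d+\z/)
  return false unless secure_equal?(params["Signature"].to_s, sign(path, expires))
  now.to_i <= expires.to_i
end
```

Because Expires is part of the signed string, extending the deadline in the query string invalidates the signature, and an unmodified URI stops validating once the clock passes Expires.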
Architecture and Operations
S3 has a truly RESTful HTTP interface, in which the URIs correspond to resources
only, the proper HTTP methods are used according to their semantics, and status
codes are used appropriately. There are three types of resources in the S3 system:
Service
Represents the Amazon S3 service; its well-known URI is http://s3.amazonaws.com/.
This resource supports only one HTTP method:
GET service
Returns a list of all buckets owned by the currently authenticated user.
Bucket
Represents one bucket belonging to the authenticated user. Can be accessed
through the following URIs:
• http://s3.amazonaws.com/bucketkey
• http://bucketkey.s3.amazonaws.com/
• http://bucketkey/ (if the key is a valid DNS name with a CNAME pointing
to s3.