How can I create a one time download link with Amazon S3?
There is no way to tell S3 to allow a link to be used only once. But you can create a link that can only be used until a specified time. What I do is redirect the requester to an S3 link that expires in a few minutes, so he or she doesn't have time to share it. You can make that expiration time very short, even a few seconds, so long as their browser has time to receive the redirect response and follow it.
You can write an "one time url generator" service (either in form of website or rest API) and make use of aws federated user feature to achieve this.
Consider the following procedure:
- When user wants a one time url, they send the request to your "one time url generator" service.
- The your service generates a "one time url" and returns it to the user. The url is a one-to-one mapping to the S3 resource the user wants.
- When the user makes a requests to the "one time url", the service creates a temporary user using the AWS federated user feature, and generates an S3 presigned url on behalf of the temporary user.
- The service sends the response back to the user, redirecting to the presigned url.
- The user follows the redirection, and starts downloading the file.
- The service then deletes the temporary user. (Or lets it expire.)