About Amazon S3

I开发者_如何学Go have such problem: I have Droplr-like Adobe AIR application, which uploads files to remote location and returns short links for those files. I want to upload all these files to Amazon S3. But, as it is Adobe AIR application and everyone can see its source(and S3 API keys), I cant upload files directly to Amazon S3. As I understood, if someone will get API keys from application's source, he will be able to upload files to my S3 account and I will pay for that. I wanted to solve this by uploading files from application to my server and PHP script will upload them to Amazon S3. Like a proxy. But it will be double traffic and slow operation.

Another option is that you can use signed URLs. Your application can request an upload URL from your server. Your server then generates a signed URL to send back to the application which is then used to upload the file. You can also set the expiration time on signed upload URLs.

This blog article talks about keeping AWS credentials secret. Whilst it covers EC2 mostly, there's some stuff in there about S3 too.

Another approach is the Token Vending Machine, an application you can run to allow mobile and other client apps to obtain temporary credentials without revealing or embedding your account credentials in your application. You can read more about the TVM approach here:

http://aws.amazon.com/articles/4611615499399490