I have images that are constantly fed into a private S3 bucket that I then need to display in a Blazor application.

I've set up a VPC based access point and a VPC endpoint based on the instructions found in this guide. The intention was that this would allow me to freely access the contents of my S3 bucket so long as the code was being executed from within the VPC.

I'm trying to display the images in a simple img tag:

<img src="https://my-access-point-12345678910.s3-accesspoint.us-east-1.amazonaws.com/img/image1.jpg">

The problem I'm running into now is that everytime I try to go to the url whether it be when its embedded as an image on the website or even access it via the browser I'm met with the error message:

<Code>InvalidRequest</Code>
<Message>The authorization mechanism you have provided is not supported. Please use Signature Version 4.</Message>

Based on the AWS documentation around Signature Version 4, I need to make an HTTP request with a signing key to get the image I need. This isn't feasible as the number of images I need is just too large and doing GET requests 1 by 1 will be far too slow.

I've also tried creating a fully public access point but was met with the same problems

How would I go about getting around this or is there something that I'm missing?

CodePudding user response：

The normal method would be:

• Store the images in an Amazon S3 bucket
• Keep the bucket private -- that is, do not add a Bucket Policy
• Do not restrict the bucket to only being accessible via an Access Point (not sure if you were doing this)
• When your application determines that a user is permitted to access a private object, generate an Amazon S3 pre-signed URL, which is a time-limited URL that provides temporary access to a private object
• Use that pre-signed URL in the image tag, eg <img src="pre-signed-url-here">

This way, end-users will be able to access the images from S3 via the pre-signed URL.