[ Distributing paid content ]
1. We sell videos online and users have to pay to buy videos
2. Each video can be bought by many different customers
3. We only want to distribute videos to users who are premium users
4. We have a database of premium users
5. Links we send to premium users should be short lived
6. Our application is global
7. We want to be fully serverless
[ Start simple, premium user service ]
Authenticate with Cognito (authentication)
Check with a DB lookup whether the user is a premium user (authorization)
[ Add Videos Storage Secure, Distribute Globally and Secure, Distribute Content only to premium users ]
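1) The user requests a video URL
2) Authenticate through Cognito
3) Lambda checks whether the user is a premium user (authorization)
4) If the user is a premium user, generate a CloudFront Signed URL with a fixed validity period (CloudFront is configured to be accessible only through Signed URLs)
5) Return the Signed URL
6) The user accesses CloudFront through the Signed URL and views the video stored in S3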
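The Lambda in steps 3) to 5), sketched in Python as an added example (not code from the original post): it authorizes the already-authenticated user, builds a CloudFront canned policy with a short expiry, and assembles the Signed URL. Assumptions: the `PREMIUM_USERS` set stands in for the DynamoDB table, the 300-second lifetime is an arbitrary choice, and the RSA-SHA1 signer for the CloudFront key pair is passed in as a callable because the Python standard library has no RSA.

```python
import base64
import json
import time

# Constructed sample data: stands in for the DynamoDB table of premium users.
PREMIUM_USERS = {"alice"}
URL_TTL_SECONDS = 300  # assumed lifetime; the page only says "short lived"


def canned_policy(url, expires_epoch):
    """CloudFront canned policy: one resource, one expiry, no whitespace."""
    statement = {"Resource": url,
                 "Condition": {"DateLessThan": {"AWS:EpochTime": expires_epoch}}}
    return json.dumps({"Statement": [statement]}, separators=(",", ":"))


def cloudfront_b64(raw):
    """Base64 with CloudFront's URL-safe substitutions (+ to -, = to _, / to ~)."""
    return base64.b64encode(raw).decode().translate(str.maketrans("+=/", "-_~"))


def signed_url_for(user, url, key_pair_id, rsa_sha1_sign, now=None):
    """Steps 3) to 5): authorize the Cognito-authenticated user, then sign.

    rsa_sha1_sign(bytes) -> bytes is an injected callable (assumption) that
    signs with the private key whose public half is registered in CloudFront.
    """
    if user not in PREMIUM_USERS:  # authorization, separate from authentication
        raise PermissionError(f"{user} is not a premium user")
    expires = int(now if now is not None else time.time()) + URL_TTL_SECONDS
    signature = rsa_sha1_sign(canned_policy(url, expires).encode())
    sep = "&" if "?" in url else "?"  # keep any query string the URL already has
    return (f"{url}{sep}Expires={expires}"
            f"&Signature={cloudfront_b64(signature)}&Key-Pair-Id={key_pair_id}")
```

The signature covers the policy string, so a client that edits `Expires` or the path in the returned URL invalidates it.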
[ Premium User Video service ]
We have implemented a fully serverless solution:
1. Cognito for authentication
2. DynamoDB for storing users that are premium
3. 2 serverless applications
4. Content is stored in S3 (serverless and scalable)
5. Integrated with CloudFront with OAI for security (users can't bypass)
6. CloudFront can only be used using Signed URLs to prevent unauthorized users
※ What about S3 Signed URLs? They're not efficient for global access