Currently, S3 signing relies on SigV4 presigned URLs for serving files.
2 limitations are reached:
- Cache inefficiency: Each presigned URL is unique; CloudFront treats each variation as a separate cache key. So, effectively no caching for the same aspect
- Not compatible with CDN-native solutions. I've been looking into using CloudFront to minimize my costs, and you most often don't request directly from the bucket; you'd use CloudFront > Origin Access Control > your S3 bucket. Access control would be enforced at the CDN level, rather than with presigned URLs
I suggest:
- Allow configuring a public URL independent of the S3 endpoint (like https://assets.authdomain.net while keeping yourbucket.s3.ca-central-1.amazonaws.com)
- Ability to disable presigning. This would provide an option to return plain object URLs and as a result also allow the ability to delegate signing to an external layer
- CDN-aware mode: basically ^
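
The cache-key effect described in the request, as an added example that is not part of the original post or the project's code. It presigns the same object ten times with a standard-library SigV4 query signer and compares cache behaviour against a plain URL on the public hostname; the credentials, object key, request times and the "path plus full query string" cache-key model are constructed assumptions.

```python
import hashlib, hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlsplit

# Constructed sample values (not real credentials).
ACCESS_KEY, SECRET_KEY = "AKIAEXAMPLEKEYID0000", "constructed-secret-for-illustration"
REGION, BUCKET = "ca-central-1", "yourbucket"
PUBLIC_BASE = "https://assets.authdomain.net"  # public hostname named in the request

def presign_get(key: str, now: datetime, expires: int = 3600) -> str:
    """SigV4 query-string presigning for an S3 GET (virtual-hosted style)."""
    host = f"{BUCKET}.s3.{REGION}.amazonaws.com"
    amz_date, day = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    scope = f"{day}/{REGION}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{scope}",
        "X-Amz-Date": amz_date,          # changes every second
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(params.items()))
    path = "/" + quote(key, safe="/")
    canonical = "\n".join(["GET", path, query, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, hashlib.sha256(canonical.encode()).hexdigest()])
    k = ("AWS4" + SECRET_KEY).encode()
    for part in (day, REGION, "s3", "aws4_request"):   # derive the signing key
        k = hmac.new(k, part.encode(), hashlib.sha256).digest()
    sig = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{path}?{query}&X-Amz-Signature={sig}"

def cache_key(url: str) -> str:
    # Assumption: the CDN keys its cache on path plus the full query string.
    u = urlsplit(url)
    return u.path + ("?" + u.query if u.query else "")

def hit_ratio(urls) -> float:
    # Fraction of requests answered from cache; each distinct key misses once.
    seen, hits = set(), 0
    for url in urls:
        key = cache_key(url)
        hits += key in seen
        seen.add(key)
    return hits / len(urls)

T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed request times, 1 s apart
PRESIGNED = [presign_get("img/logo.png", T0 + timedelta(seconds=i)) for i in range(10)]
PLAIN = [f"{PUBLIC_BASE}/img/logo.png" for _ in range(10)]
```

With plain URLs nothing in the link authorizes the request, so the bucket has to stay private behind Origin Access Control and any per-user restriction has to be enforced at the CDN.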