This might be a vague question, but I am developing an app where users can upload files (mainly videos and pictures). I have AWS S3 configured and working; however, AWS recommends keeping the bucket private.
- If the bucket is private, is the only way to allow access for users to view content (maybe uploaded by friends via pre-signed URLs?)
- Is it necessary to even make the bucket private? I see tutorials and they usually have the bucket settings set to public. This means that any person who has a hold of the URL can access an image. Let's say user 1 uploads to group xyz. Only members of xyz should be able to access that image.
Implementing unique identifiers for images will make it tough for someone to get access to that image. Would this be the better approach, or having Django generate signed URLs every time a user wants to view a certain image?
- Are there any other ways to add security?
[Edit: moved the close paren to reflect how I’m interpreting this question]
It’s not the only way. You could also use your web server (e.g. nginx) as a proxy. There are both advantages and disadvantages to that, but it is an option.
If you want any control at all over the bucket, yes. Making an S3 bucket public is very risky. Become a target, and someone can chew up a lot of AWS bandwidth and IOs by retrieving the same file millions of times.
Note that on a regular file system (I don’t know about using S3 for user-uploaded files), the file name for the file saved on the server is not necessarily the file name of the file as it was uploaded from the browser. If that’s also true with S3, then there is some obfuscation involved there, too. But it doesn’t make it any more “difficult” for someone to access the file.
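As an added example (not code from this thread, nor Django's or boto3's own), here is the flow the answer describes: the app checks group membership first and only then hands out a short-lived pre-signed URL for a private bucket. The URL is built by hand with the AWS SigV4 query-string algorithm (hashlib/hmac only, so it runs without boto3); the group tables, object keys, bucket name, region and credentials are constructed assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote

# Constructed stand-ins for the Django models: who is in which group, and which
# group owns each uploaded object. Keys are random (uuid-style) names chosen by
# the server, not the filename the browser sent, so guessing one is not practical.
GROUP_MEMBERS = {"xyz": {"alice", "bob"}}
OBJECT_GROUP = {"uploads/3f1c9a7e-video.mp4": "xyz"}
# Constructed placeholder credentials; a real app reads these from settings or an IAM role.
SAMPLE_CREDS = {"access_key": "AKIAEXAMPLE", "secret_key": "wJalrEXAMPLEKEY"}

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_get(bucket, key, access_key, secret_key, region, expires, now):
    """Build a SigV4 query-string pre-signed GET URL for one object (AWS's algorithm, hand-rolled)."""
    host = f"{bucket}.s3.{region}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{now:%Y%m%d}/{region}/s3/aws4_request"
    params = {"X-Amz-Algorithm": "AWS4-HMAC-SHA256",
              "X-Amz-Credential": f"{access_key}/{scope}",
              "X-Amz-Date": amz_date,
              "X-Amz-Expires": str(expires),   # lifetime in seconds, enforced by S3
              "X-Amz-SignedHeaders": "host"}
    # Canonical query string: sorted by name, names and values URI-encoded ('/' -> %2F)
    canon_qs = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(params.items()))
    canon_uri = "/" + quote(key, safe="/")  # encode each path segment, keep '/' separators
    canon_req = "\n".join(["GET", canon_uri, canon_qs, f"host:{host}", "", "host", "UNSIGNED-PAYLOAD"])
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canon_req.encode()).hexdigest()])
    # Derive the signing key: secret -> date -> region -> service -> "aws4_request"
    signing_key = _hmac(f"AWS4{secret_key}".encode(), f"{now:%Y%m%d}")
    for part in (region, "s3", "aws4_request"):
        signing_key = _hmac(signing_key, part)
    signature = hmac.new(signing_key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{canon_uri}?{canon_qs}&X-Amz-Signature={signature}"

def url_for_user(username, key, creds=SAMPLE_CREDS, now=None):
    """The view-side check: only members of the owning group get a short-lived URL."""
    group = OBJECT_GROUP.get(key)
    if group is None or username not in GROUP_MEMBERS.get(group, set()):
        return None  # the Django view would answer 403 (or 404, so as not to confirm the key exists)
    now = now or datetime.now(timezone.utc)
    return presign_get("my-app-uploads", key, creds["access_key"], creds["secret_key"],
                       "us-east-1", 300, now)
```

In a production Django app the signing step would normally be boto3's `generate_presigned_url` with the same short expiry; the membership check before it is the part that actually enforces "only members of xyz".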
I’ll definitely make the bucket private then and search up the configuration. It’s just that I’m having a difficult time finding this information.
And nginx as a proxy is something I will look into!
Appreciate the help!