S3 URL sharing: simply available
As S3 is a web-based file share, rather than a locally attached block device such as a SCSI disk or thumb drive. Because it is (only) accessible via HTTP, we can choose to direct web clients directly to it, instead of serving it from our web server, thereby offloading the load from the web servers and enjoying the built-in redundancy of S3.
The beauty of it is that it requires absolutely no change from either the web server or the client browser - just be sure to generate your HTML code with absolute paths to the relevant files in S3 and we are good to go:
Simple has its own limitations
The classic use-case for this feature is where we have a public website serving equally public multimedia content (such as pictures) for anonymous internet clients.
But what happens when we want to implement access-control and authenticate users in our application before we allow them direct access to the content stored on S3?
The bad news is that S3 supports setting file permission ACLs, but it only works with Amazon user accounts (the same ones used for AWS and the Amazon bookstore) - which isn’t really practical to control from inside our application and doesn’t integrate with any existing user database.
The solution is to use an S3 feature called URL Expiration.