File storage
File storage uses AWS S3 buckets to store user files.
Configuration
The bucket is configured with Block all public access, except for the setting Block public and cross-account access to buckets and objects through any public bucket or access point policies.
The bucket policy gives anonymous users read access to all objects in the bucket:
{
  "Version": "2012-10-17",
  "Id": "Policy1718197876481",
  "Statement": [
    {
      "Sid": "Stmt1718197871673",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::simops/*"
    }
  ]
}
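A check that the anonymous grant stays limited to what the policy above gives. This is an added example, not part of the project's code; `EXPECTED`, `anonymous_grants` and `unexpected_grants` are hypothetical names, and treating `s3:GetObject` on `simops/*` as the only intended anonymous grant is an assumption.

```python
# Bucket policy from this page, embedded so the check runs offline.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Id": "Policy1718197876481",
    "Statement": [{
        "Sid": "Stmt1718197871673",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::simops/*",
    }],
}
# Assumption: this is the only anonymous grant the page intends.
EXPECTED = {("s3:GetObject", "arn:aws:s3:::simops/*")}


def _as_list(value):
    """Policy fields may be a single value or a list of values."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True for "*" and for forms such as {"AWS": "*"} or {"AWS": ["*"]}."""
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"


def anonymous_grants(policy):
    """Every (action, resource) pair allowed to a wildcard Principal.

    Conditions are ignored, so a conditional grant is still reported.
    A statement using NotAction/NotResource is reported under that marker.
    """
    grants = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        for action in _as_list(stmt.get("Action", "<NotAction>")):
            for resource in _as_list(stmt.get("Resource", "<NotResource>")):
                grants.add((action, resource))
    return grants


def unexpected_grants(policy, expected=EXPECTED):
    """Anonymous grants beyond the expected set; an empty set means no drift."""
    return anonymous_grants(policy) - set(expected)
```

Feeding it the policy JSON currently attached to the bucket and failing a deployment check when `unexpected_grants` is non-empty catches a later edit that widens anonymous access beyond object reads.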
Also, to access files via HTTPS, we need to specify a CORS configuration for the GET method:
[
  {
    "AllowedHeaders": [
      "Authorization",
      "Content-Length"
    ],
    "AllowedMethods": [
      "GET"
    ],
    "AllowedOrigins": [
      "*"
    ],
    "ExposeHeaders": [],
    "MaxAgeSeconds": 3000
  }
]
The Access Key and Secret Access Key are provided by a user (at the time of writing, simops-fileupload-user) that is part of the user group simops-fileupload-bucket, which has the AmazonS3FullAccess permission.
File organization
Files are simply stored under keys (the bucket equivalent of filenames) named UserId/filename.ext. For example, if a user with user ID 38b96474 uploads a test.png file, the resulting key is 38b96474/test.png.
For now, all environments use the same bucket.
Keeping track of files
A database table records metadata about the files uploaded to the bucket. It is used to know which user owns a file, the URL of the file, etc. File sizes are also recorded to keep track of the space used by a specific user.
Flow
The user chooses an image and the client sends it to the API. The image may be chosen in a particular context, for example on the Edit page of an aircraft. The API sends the image to S3 and, on a successful response, a record is sent to the database to keep track of the files sent by the user and their context (linked to a specific aircraft). Then the HTTP response is sent back to the client with the image URL for display.
Database design
See the storageObject table in model.wsd.
Other resources
- S3 Docker image:
docker pull localstack/localstack:s3-latest