skip to content

Latest News

Optusnet maili delivery issues

Our recent upgrade to Debian 12 (bookworm) included a tightening of security around TLS connections used for logging in and...

Server upgrades - Debian 12

This month we are busy upgrading our servers to the new Debian 12 ("bookworm"), which includes PHP 8.2 and PostgreSQL 15.3...

25 years of Chirp!

This week marks 25 years since Chirp first opened for business back in 1997 as Chirp Web Design in a small office in Braddon,...

News RSS Feed

more news

Case study:Secure file storage with AWS

4 October 2022

One of our European Union clients wanted a system that allowed their members to upload files and to have them stored in a secure GDPR-compliant location.

The solution we opted for was AWS S3 with full encryption, versioning and no public access other than using single-use time-limited URLs for downloading individual files.

Files are uploaded using the handy AWS CLI command-line interface, storing each file with a unique id, but also including the file name and type as headers:

aws s3api put-object
--body {$body}
--bucket {$bucket}
--content-disposition 'attachment; filename=\"{$filename}\"'
--content-type {$filetype}
--key {$key}

When a file is requested for downloading a pre-signed URL is generated and immediately used to trigger the download:

aws s3 presign s3://{$bucket}/{$key} --expires-in {$expires}

Some of the trickier parts of this project were: crafting policies for IAM and S3 to limit and secure access to the bucket; having the files download with the original file name and type despite being stored as unique identifiers; and setting up triggers to rename and delete uploaded files in response to website actions.

If you are interested in this kind of solution for your website or members, the steps are:

  • set up an AWS S3 account and bucket;
  • set up an IAM user for API access;
  • put in place the necessary AWS policies; and
  • configure privacy, security and data retention settings.

A similar system could also be a good for storing backups of your website files or keeping long term historical logs.

Chirp is already using AWS for keeping incremental encrypted backups.

Creating a multilingual website »

« Customisable online quiz

< case studies