I want to control who can download a file via an app (as if it was held on the local FS). What's the right approach for doing this, considering S3 can't be mounted as a POSIX compliant file system?
You can mount S3 buckets as local filesystems using the s3fs software.
Make sure you use appropriate permissions on the bucket and files so that the public cannot access your files.
You could further control who has what type of access to which buckets using AWS IAM and distribute appropriate credentials for use with s3fs.
That said, it isn't clear that mounting as a file system is exactly what you need since you haven't expressed your original project requirements. "Downloading a file via an app" can be done with special URLs in S3 that include key signatures and even expiration times.
S3 offers a number of different ways to control who sees what including: bucket policies, IAM, ACLs, and query strings. You aren't giving enough information about your application requirements to be able to recommend a specific approach, so I'd recommend studying the S3 documentation and figuring out which one works best for your situation.