I want to design a solution to send weekly reports to users. These reports will be in PDF stored on S3 once generated via some task. I want to use AWS SES to send email to our users with the links of these PDF reports stored on S3 but it should have access restrictions. Reports on S3 can only be viewed if the user click on the link provided by Email. One more issue is that the reports can go out to multiple emails for an account which are not registered user emails in our system but have been asked by client to include in the report email.
Is there a way to achieve this? As per my knowledge, files on S3 can be public(accessible to anyone) or can be accessed via IAM. I can not make the PDF on S3 public due to privacy.
You can use presigned URLs to achieve what you want. These are temporary URLs that can be used to download/upload to s3. The link will expire in the time you specify when generating them (default 1 hour).
Read more here: https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html