Where to store user private information ( like ID cards images etc.) in a web app?

Question

I am developing an application with django rest and one of the features is to let the user store ID cards and driver license. I am thinking of using amazon AWS S3 to store the files. Is that secure enough for that functionality? What is usually used for that type of files?

Answer 1

Amazon Simple Storage Service (S3)

It allows you to store an infinite amount of data that can be accessed programmatically via different methods like REST API, SOAP, web interface, and more. It is an ideal storage option for videos, images and application data.

Features:

• Fully managed
• Store in buckets
• Versioning
• Access control lists and bucket policies
• AES-256 bit encryption at rest
• Private by default

Best used for:

• Hosting entire static websites
• Static web content and media
• Store data for computation and large-scale analytics, like analyzing financial transactions, clickstream analytics, and media transcoding
• Disaster recovery solutions for business continuity
• Secure solution for backup & archival of sensitive data

Use encryption to protect your data: If your use case requires encryption during transmission, Amazon S3 supports the HTTPS protocol, which encrypts data in transit to and from Amazon S3. All AWS SDKs and AWS tools use HTTPS by default

Restrict access to your S3 resources: By default, all S3 buckets are private and can be accessed only by users that are explicitly granted access. When using AWS, it's a best practice to restrict access to your resources to the people that absolutely need it, you can see in that Doc.