I am trying to limit access to files uploaded to particular users (or even groups of users). I want to make a private S3 bucket that only delivers resources to those who can access it.
Is handling GET object permissions within a Lambda a bad idea? I was thinking something like the opposite of creating a presigned URL for uploading.
The only other way I can see this being possible is dynamically creating IAM policies for users when they create the file, using their UUID in the folder path.
Cheers in advance!
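
The Lambda approach asked about above, as an added example that is not part of the original post: the function checks that the requested key sits under the caller's own folder or one of their groups' folders, and only then signs a short-lived GET URL for that single object. Assumptions: the bucket name, the `users/<id>/` and `groups/<name>/` key layout, the `sub` and `groups` claim names, and the optional `s3_client` parameter (there so the check can be exercised without AWS) are all illustrative.

```python
import json

BUCKET = "example-private-bucket"  # assumed bucket name
URL_TTL_SECONDS = 60               # short-lived link; assumed value


def allowed_prefixes(user_id, groups):
    """Key prefixes a caller may read: their own folder plus each group's."""
    return [f"users/{user_id}/"] + [f"groups/{g}/" for g in groups]


def is_authorized(key, user_id, groups):
    """True only if key names an object under one of the caller's prefixes."""
    ids = [user_id, *groups]
    # An empty id or one containing "/" would widen the prefix, so refuse it.
    if any(not i or "/" in i for i in ids):
        return False
    # Refuse empty, "." and ".." segments rather than guess how they resolve.
    if not key or any(seg in ("", ".", "..") for seg in key.split("/")):
        return False
    # Prefixes end in "/", so user "u1" does not match "users/u10/...".
    return any(key.startswith(p) for p in allowed_prefixes(user_id, groups))


def handler(event, context, s3_client=None):
    """Lambda entry point: check the caller, then sign a GET for one key."""
    # Assumed event shape: an upstream authorizer has verified the token
    # and placed "sub" and "groups" (hypothetical claim names) here.
    claims = event["requestContext"]["authorizer"]["claims"]
    user_id = claims["sub"]
    groups = [g for g in claims.get("groups", "").split(",") if g]
    key = (event.get("queryStringParameters") or {}).get("key", "")

    if not is_authorized(key, user_id, groups):
        # Same response whether the object exists or not.
        return {"statusCode": 403, "body": json.dumps({"error": "forbidden"})}

    if s3_client is None:
        import boto3  # imported lazily so the check above runs without it
        s3_client = boto3.client("s3")
    url = s3_client.generate_presigned_url(
        "get_object",
        Params={"Bucket": BUCKET, "Key": key},
        ExpiresIn=URL_TTL_SECONDS,
    )
    return {"statusCode": 200, "body": json.dumps({"url": url})}
```

The URL is signed with the Lambda execution role's credentials, so that role needs `s3:GetObject` on the bucket while end users need no S3 permissions at all. Anyone holding the URL can fetch the object until it expires, which is why the lifetime is kept short.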