aws – Letting users to download data from my Django app


I want to provide a way for my users to download their data, which are stored in S3, through my app. Should I provide them with a public url followed by a key random key, as in this example?

http://s3.amazonaws.com/user-xyz123/folder/some_csv_file.csv

It could be possible for an attacker to brute-force the url, so can I use the TokenGenerator from the Django app to generate the ‘xyz123’ suffix?

Another alternative is to let users download files directly from my app, but this will place some strain on my app.