I was reading about Image Light and have two questions regarding some of the features/possibilities, especially in a setup where you transform images that are stored outside of Cloudflare Images (e.g. AWS S3).
- Does Cloudflare fetch the original image from the external storage each time a transformation is applied? In other words, is the original image retrieved from storage every time a transformation is made, or does Cloudflare cache it after the first fetch and reuse it for subsequent transformations? My concern is that if the original image is fetched for every transformation, it will significantly increase the bandwidth between the origin storage and Cloudflare.
- Is there a way to limit the options available for transformations? For example, can I restrict transformations to only allow the “width” option with values of “1000”, “500”, and “250”? I believe this might be achievable using Workers, but I would like confirmation. However, using Workers might increase costs. Is there another way to impose such limits (something like predefined variants)? My concern is that without restrictions, anyone with a link to an image could abuse it by changing transformation options, potentially leading to increased costs indefinitely because of the unique transformations. Are there best practices to prevent this kind of attack/abuse?
In my situation, each user typically requires two images with three width options each, totaling six images per user. I’m contemplating whether it’s worthwhile to utilize image transformation services like Cloudflare Images (or Imgix/Imagekit) for on-the-fly transformations at all. Lately, I’ve been considering the possibility of transforming the images once and storing them in S3 storage behind the Cloudflare CDN. Would this approach be more sensible? And then, what would be the rationale for using on-the-fly image transformation services at all? Are there real-world scenarios where many transformations need to be applied dynamically without prior knowledge? On top of that, with dynamic transformations you always need to bear in mind limitations, costs, and abuses/attacks that again may increase costs. Why would you ever opt for on-the-fly transformations instead of pre-transformed variants behind the CDN (again, it looks like you usually don’t need that many variants)? I am not experienced in this field so I’d appreciate any insights!
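
The allowlist idea from the second question, sketched as a Worker-style handler that accepts only `width` with the three values named in the post and rejects every other option, so each image has at most three distinct transformations. This is an added example, not part of the original post and not Cloudflare's own code; the origin hostname, the `width` query parameter name and the object-key pattern are assumptions.

```javascript
// Widths taken from the post; everything else below is an assumed setup.
const ALLOWED_WIDTHS = new Set([1000, 500, 250]);
const ORIGIN = "https://example-bucket.s3.amazonaws.com"; // hypothetical origin
// Assumed object-key shape: letters, digits, "_", "-", "/" and an image extension.
const KEY_PATTERN = /^\/[A-Za-z0-9_\-\/]+\.(?:jpe?g|png|webp)$/;

// Pure decision step: map a request URL to a rejection or to exactly one
// canonical transformation. Keeping it pure makes it testable outside a Worker.
function decideTransform(requestUrl) {
  const url = new URL(requestUrl);

  // Only fetch keys that look like images from the fixed origin; the caller
  // never gets to choose the upstream host.
  if (!KEY_PATTERN.test(url.pathname)) {
    return { status: 404 };
  }

  // Exactly one parameter, and it must be "width". Extra or repeated
  // parameters would otherwise create unbounded unique URLs.
  const params = [...url.searchParams.entries()];
  if (params.length !== 1 || params[0][0] !== "width") {
    return { status: 400 };
  }

  // Strict decimal form, so "0500", "5e2" or "500.0" are not aliases of 500.
  const raw = params[0][1];
  if (!/^[1-9][0-9]{0,3}$/.test(raw) || !ALLOWED_WIDTHS.has(Number(raw))) {
    return { status: 400 };
  }

  return {
    status: 200,
    originUrl: ORIGIN + url.pathname,
    image: { width: Number(raw), fit: "scale-down" },
  };
}

// Worker-style handler: rejected requests never reach the resizer or the origin.
async function handleRequest(request) {
  const decision = decideTransform(request.url);
  if (decision.status !== 200) {
    return new Response("Unsupported image request", { status: decision.status });
  }
  // cf.image passes the transformation options on the subrequest.
  return fetch(decision.originUrl, { cf: { image: decision.image } });
}
```

In a Worker this would be wired up as the `fetch` handler of the default export; requests are rejected before any transformation or origin fetch happens.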