I can think of 2 solutions to this problem:
1. Simply start the download through the direct link (the user never sees the link, but they CAN see it, which poses a problem for sellable downloads). Here's how I accomplished this:
In ps_order.php in the download_request() function where it checks if it's a remote file, I added the following line which starts a download for the user directly from Amazon S3.
header( 'Location: '.$datei ) ;
The advantage here is that the actual download process is handled by Amazon's servers which is faster and more reliable than most web servers. This takes a load off the web server. The obvious disadvantage here is that the direct link can easily be discovered and distributed and the number of downloads couldn't be tracked.
2. This one is a lot more complicated, but I would assume it's possible to write code to make a copy of the downloadable file in a temp directory on Amazon S3 specifically for that download ID and have the temp file deleted once the download expires. This would require a good bit of coding and could bloat the storage on Amazon S3 if there are a lot of downloads (say you sell 1000 2GB movies, that's 2000GB of storage now!).
I'm still working on this problem because this is VERY important for my project that I have security but also be able to deliver large files to the user without burdening the web server. I'm currently trying to understand if it's possible to deliver the file (chunk by chunk) to the user through the web server without the file ever being downloaded to the web server. If anyone can offer any info on this, I'd appreciate it.