Amazon S3 Bucket Policy to prevent download?

Question

I built an e-learning website and used Amazon S3 for storing the files.

I want:

• Website visitors can watch the videos • They cannot download the videos**

Which policy should I add to the bucket policy, sir?

I used the below policy but this keep video in private, so they both cannot watch and download.

{
"Version": "2012-10-17",
"Id": "Policy1459891655092",
"Statement": [
    {
        "Sid": "Stmt1459891443631",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::mybucketname/public/*"
    }
]

}

Answer 1

S3 can provide for streaming of protected content. This is a very common request.

First you transcode your videos into HLS (HTTP Live Streaming) using Amazon Elastic Transcoder. The user then uses a video player or browser that supports HLS that connects to your web server. The content stored on S3 is encrypted. HLS breaks a video up into many small segments of multiple resolutions. The video changes dynamically during playback based upon many factors such as changes in Internet speed, device resolution, etc. CloudFront is not required to deliver HLS videos.

Take a look at Amazon's Elastic Transcoder and Apple's HLS viewer to get you started. Even Microsoft Edge supports HLS.

Answer 2

You cannot use S3 policy to prevent download because user must download to view it. S3 also does not support streaming. But you can combine with AWS Cloudfront to stream your S3 videos. You just set permission to allow AWS Cloudfront get your S3 videos, then Cloudfront will cache them at the edges. User can stream videos via Cloudfront URLs.

Read this for more detail

The first option is very easy to implement and is supported by just about every mobile device and desktop. All you need to do is to put your content in an S3 bucket and create a CloudFront distribution that points to the bucket. Your user’s video player will use CloudFront URLs (accessible as part of the distribution) to request the video file. The request will be directed to the best edge location, based on the user’s location. CloudFront will serve the video from its cache, fetching it from the S3 bucket if it is not already cached. This option has a couple of downsides. It makes inefficient use of your viewer’s bandwidth. If the user doesn’t bother to watch the entire video, content would never be seen is still downloaded. Skipping ahead or fast-forwarding also necessitates downloading of content that may never be seen.