Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

amazon s3 video files accessible only from my domain/server?

Tags:

amazon-s3

Now, I know that I cannot stop someone from downloading my videos and sharing, however I would prefer to have it to so that people do not copy paste links directly to my bucket. Thus, is there a way to make my bucket accessible only from my server/domain making the request?

If it helps, I'm using jwplayer which loads from a xml playlist that has all the links. This playlist definitely can be opened and viewed from anywhere and is where I expect the easy copy and paste comes from.

I don't want to mask the urls because that means my bucket is readable to everyone. There is probably some chance that someone will find the url of my bucket and the name of the files and connect everything together...

like image 347
Matt Avatar asked Mar 11 '12 21:03

Matt

1 Answers

This is possible by Using Bucket Policies, which allows you to define access rights for Amazon S3 resources - there are a couple of Example Cases for Amazon S3 Bucket Policies illustrating the functionality, and amongst these you'll find an example for Restricting Access to Specific IP Addresses as well:

This statement grants permissions to any user to perform any S3 action on objects in the specified bucket. However, the request must originate from the range of IP addresses specified in the condition.

Depending on the specifics of your use case, a bucket policy for this might look like so:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "*" 
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::bucket/*",
            "Condition" : {
                "IpAddress" : {
                    "aws:SourceIp": "192.168.143.0/24" 
                },
                "NotIpAddress" : {
                    "aws:SourceIp": "192.168.143.188/32" 
                } 
            } 
        } 
    ]
}

As shown the aws:sourceIp value for parameters IPAddress and NotIpAddress is expressed in CIDR notation, enabling respective flexibility for composing the desired scope.

Finally, you might want to check out the recommended AWS Policy Generator, select type S3 Bucket Policy and explore the available Actions and Conditions to compose more targeted policies for your use case eventually - the documentation for Conditions explains this in detail.

like image 126
Steffen Opel Avatar answered Oct 14 '22 00:10

Steffen Opel
Sign in to Comment

Related questions

See which S3 generic methods are available in environment
List files on S3
Use Fog with Ruby to generate a Pre-signed URL to PUT a file in Amazon S3
Using gzip to compress files to transfer with aws command
read stream from s3 with Clojure/Java
AWS CLI "s3 ls" command to list a date range of files in a virtual folder
How do I undo an AWS stack rollback?
Laravel Download from S3 To Local
PDFs in Amazon S3 don't open in Chrome for view
In NiFi is it possible to read selectively through FetchS3Object processor?
Hugo Error - Current theme does not support current version
Amazon S3 Bucket Policy to prevent download?
How to point a Netlify subdomain to an AWS S3 bucket via CNAME?
AWS S3 - Generate presigned URL using REST API
How does BufferedReader read files from S3?
C# MVC/API - Return an image from Amazon S3 for my API Call
AWS remove files in S3 using CodeBuild in CodePipeline
Getting "Missing required field Principal" when adding policy to S3 bucket
Cloudfront to s3 redirect to subdomain giving Access denied error
How to proxy files from S3 through rails application to avoid leeching?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!