AWS S3 bucket policy - how to allow access only from my website?

I have a paperclip text file attachment (in Rails).

My bucket policy is:

{
    "Version": "2008-10-17",
    "Id": "Policy123",
    "Statement": [
        {
            "Sid": "Stmt123",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "s3:GetObjectVersion",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::my_bucket/*"
        }
    ]
}

I want to restrict access to these actions to only be allowed when the request comes from my website. Is it simply a case of updating this to: "Principal": {"AWS": "mywebsite.com"} ?

rigyt asked Oct 26 '12 20:10


1 Answer

Bucket policy:

{
    "Version": "2012-10-17",
    "Id": "http referer policy example",
    "Statement": [
        {
            "Sid": "Allow get requests originating from www.example.com and example.com.",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::00000000:user/example-user"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket-example/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "http://example.com/*"
                    ]
                }
            }
        }
    ]
}
iHabboush answered Oct 19 '22 23:10
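
As an added example (not part of the original question or answer), this Python check runs over constructed copies of the two policies above. It flags Allow statements open to any principal with no condition, flags write or delete actions among them, and flags statements whose only condition is `aws:Referer`, a header the client sets. The function names and finding labels are assumptions made for this example.

```python
WRITE_ACTIONS = {"s3:PutObject", "s3:DeleteObject", "s3:DeleteObjectVersion"}

def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True when the principal is "*" or {"AWS": "*"}, i.e. anyone."""
    return principal == "*" or (isinstance(principal, dict)
                                and "*" in as_list(principal.get("AWS", [])))

def condition_keys(statement):
    """Lower-cased condition keys used by a statement, across all operators."""
    return {key.lower() for op in statement.get("Condition", {}).values() for key in op}

def audit(policy):
    """Return a list of (sid, finding) tuples for Allow statements."""
    findings = []
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        keys = condition_keys(st)
        if is_anonymous(st.get("Principal")) and not keys:
            findings.append((sid, "public-unconditional"))
            if WRITE_ACTIONS & set(as_list(st["Action"])):
                findings.append((sid, "public-write"))
        if keys == {"aws:referer"}:
            # Referer is a request header chosen by the client, so it narrows
            # casual hotlinking but does not authenticate the caller.
            findings.append((sid, "referer-only-condition"))
    return findings

# Constructed copies of the two policies on this page (answer Sid shortened).
QUESTION_POLICY = {"Version": "2008-10-17", "Statement": [{
    "Sid": "Stmt123", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["s3:GetObjectVersion", "s3:DeleteObject", "s3:DeleteObjectVersion",
               "s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::my_bucket/*"}]}
ANSWER_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowGetFromExampleCom", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::00000000:user/example-user"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::bucket-example/*",
    "Condition": {"StringLike": {"aws:Referer": ["http://example.com/*"]}}}]}

if __name__ == "__main__":
    for name, policy in (("question", QUESTION_POLICY), ("answer", ANSWER_POLICY)):
        print(name, audit(policy))
```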