I have a paperclip text file attachment (in Rails).
My bucket policy is:
{
"Version": "2008-10-17",
"Id": "Policy123",
"Statement": [
{
"Sid": "Stmt123",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::my_bucket/*"
}
]
}
I want to restrict access to these actions to only be allowed when the request comes from my website. Is it simply a case of updating this to: "Principal": {"AWS": "mywebsite.com"} ?
Bucket policy :
{
"Version": "2012-10-17",
"Id": "http referer policy example",
"Statement": [
{
"Sid": "Allow get requests originating from www.example.com and example.com.",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::00000000:user/example-user" // IAM User ARN
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket-example/*", // bucket ARN
"Condition": {
"StringLike": {
"aws:Referer": [
"http://example.com/*" // Website link
]
}
}
}
]
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With