I am building a django/s3 application with the following behaviour:
I'm looking for a way to deny the other users (or, even worse, not logged) to query and get access to the files. One solution I could find is:
Is this enough? Are there more elegant solutions to this?
Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users. Make sure that users can’t use a direct URL to the S3 bucket to access a file there. After you take these steps, users can only access your files through CloudFront, not directly from the S3 bucket.
After you take these steps, users can only access your files through CloudFront, not directly from the S3 bucket. In general, if you’re using an Amazon S3 bucket as the origin for a CloudFront distribution, you can either allow everyone to have access to the files there, or you can restrict access.
Change the permissions either on your Amazon S3 bucket or on the files in your bucket so that only the origin access identity has read permission (or read and download permission). When your users access your Amazon S3 files through CloudFront, the CloudFront origin access identity gets the files on behalf of your users.
To restrict access to content that you serve from Amazon S3 buckets, follow these steps: Create a special CloudFront user called an origin access identity (OAI) and associate it with your distribution. Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users.
Don't make your files public. This will prevent non-authorised users from accessing the files.
Then in your Django app, you can generate urls with a querystring that allows an authorised user to access an S3 file for a limited time.
The amazon docs for querystring request authentication have more information.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With