Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to Secure amazon s3 bucket web URL of a resource against unauthorised user

I am totally new to s3 bucket, I know we can save images, videos, etc any kind of resources there. when I want to access these images from my app I can access through web url but how to make sure any other unauthorised user can't see/download my image using that url(URL is so easy to guess if bucket name is known).

How to make the URL secure?

Can I use my preferred username & password into the URL to make it secure?

I also do not found any way to make the resources unaccessible through the URL that amazon uses(http://s3.amazonaws.com/bucketname/resourcename.extension), is that possible?

Any help would be appreciated... Thanks.

like image 886
Harish Pathak Avatar asked Mar 05 '15 10:03

Harish Pathak


People also ask

How do I restrict Amazon S3 bucket access to a specific IAM user?

You can use the NotPrincipal element of an IAM or S3 bucket policy to limit resource access to a specific set of users. This element allows you to block all users who are not defined in its value array, even if they have an Allow in their own IAM user policies.

How do I mask my Amazon S3 URL?

There are two parts to masking your S3 url, the first is creating and naming a bucket in S3 to match the subdomain, the second is creating the subdomain and pointing it to the S3 bucket url.


1 Answers

First, make your bucket private.

Then, generate signed URL to access your content.

The format will be https://<bucket>.s3.amazonaws.com/objectname?AWSAccessKeyId=<accesskey>&Expires=<expiretime>&Signature=<signature string>

Please see https://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html

You can also try it with this tool: http://www.dancartoon.com/projects/s3-siggenerator/

like image 50
PJ Bergeron Avatar answered Oct 22 '22 09:10

PJ Bergeron