When I go to the URL of my bucket file it downloads straight away. However, I only want users that are logged into my application to have access to these files.
I have been searching for hours but cannot find out how to do this in PHP from my app. I am using Laravel to do this, so the code may not look familiar. But essentially it just generates the URL to my bucket file and then redirects to that link, which downloads it:
// Build the (public) URL of the object on the default disk and send the browser there
$url = Storage::url('Shoots/2016/06/first video shoot/videos/high.mp4');
return redirect($url);
How can I make this file only accessible to users logged into my application?
You can use the NotPrincipal element of an IAM or S3 bucket policy to limit resource access to a specific set of users. This element allows you to block all users who are not defined in its value array, even if they have an Allow in their own IAM user policies.
Amazon S3 is the only object storage service that allows you to block public access to all of your objects at the bucket or the account level, now and in the future, by using S3 Block Public Access. To ensure that public access to all your S3 buckets and objects is blocked, turn on "Block all public access".
We ran into a similar issue for an application I'm working on. The solution we ended up working with is generating S3 signed URLs that have short expiration times on them. This allows us to generate a new signed link with every request to the web server and pass that link to our known auth'd user, who then has access for a very limited amount of time (a few seconds). In the case of images we wanted to display in the DOM, we had our API respond with an HTTP 303 (See Other) header and the signed URL, which expired within a couple of seconds. This allowed the browser time to download the image and display it before the link expired.
A couple of risks around this solution: we know a user could possibly request a signed URL and programmatically share it with another service before the expiration happens, or an un-auth'd user who was intercepting network traffic could potentially intercept the request and make it themselves. We felt these were edge-case enough that we were comfortable with our solution.
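As an added example (not the answerer's code), here is how the short-lived signed-URL approach above looks in the asker's Laravel setup: the bucket stays private and only an authenticated request gets a pre-signed link that expires seconds later. It assumes an `s3` disk is configured in config/filesystems.php and that the route is registered behind the `auth` middleware; the controller name, route and the 30-second TTL are illustrative.

```php
<?php
// Added example: a Laravel controller that hands an authenticated user a
// short-lived S3 pre-signed URL instead of the permanent object URL.
// Assumed route (illustrative), registered in routes/web.php:
//   Route::get('/videos/{video}', [ProtectedVideoController::class, 'show'])
//       ->middleware('auth');

namespace App\Http\Controllers;

use Illuminate\Http\RedirectResponse;
use Illuminate\Support\Facades\Storage;

class ProtectedVideoController extends Controller
{
    // Keep the window small: the link only needs to outlive the redirect.
    private const TTL_SECONDS = 30;

    // Only keys listed here can be requested; the caller never supplies a raw
    // object path, so a logged-in user cannot enumerate other objects.
    private const VIDEOS = [
        'high' => 'Shoots/2016/06/first video shoot/videos/high.mp4',
    ];

    public function show(string $video): RedirectResponse
    {
        abort_unless(isset(self::VIDEOS[$video]), 404);

        // The s3 disk signs the URL with the application's own credentials, so
        // the bucket can remain private (no public ACL, Block Public Access on).
        // The third argument is passed through to S3 GetObject: here it forces
        // a download with a fixed filename.
        $url = Storage::disk('s3')->temporaryUrl(
            self::VIDEOS[$video],
            now()->addSeconds(self::TTL_SECONDS),
            ['ResponseContentDisposition' => 'attachment; filename="high.mp4"']
        );

        // 303 See Other, as in the answer above: the browser follows it at once,
        // and the link is useless to anyone who obtains it after the TTL.
        return redirect()->away($url, 303);
    }
}
```

Revoking a leaked link before its TTL is not possible with plain pre-signed URLs; the mitigation is the short expiry plus serving the redirect only over HTTPS so the URL is not observable in transit.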