How to allow aws s3 bucket contents only to publicly serve a certain domain?

Question 1

I am using aws s3 to store my website pictures and video contents. File links from s3 are directly output to html/php.

The problem is that some other sites linked my picture/video, which heavily increased s3 traffic usage, and off course increased the pay bill.

I know in some case people use referer header to prohibit external sites linking. But in this case, picture/video go out directly from s3, not my domain.

Can some one help to achieve this? Thanks.

Question 2

You can use Amazon bucket policy like :

{
    "Version": "2012-10-17",
    "Id": "http referer policy example",
    "Statement": [
        {
            "Sid": "Allow get requests originated from www.example.com and example.com",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::examplebucket/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "http://www.example.com/*",
                        "http://example.com/*"
                    ]
                }
            }
        }
    ]
}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

{

"Version": "2012-10-17",

"Id": "http referer policy example",

"Statement": [

{

"Sid": "Allow get requests originated from www.example.com and example.com",

"Effect": "Allow",

"Principal": "*",

"Action": "s3:GetObject",

"Resource": "arn:aws:s3:::examplebucket/*",

"Condition": {

"StringLike": {

"aws:Referer": [

"http://www.example.com/*",

"http://example.com/*"

]

}

]

}

which is explained in detail at : http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

How to allow aws s3 bucket contents only to publicly serve a certain domain?

Question:

Answer:

Leave a Reply Cancel reply