Restrict S3 object access to requests from a specific domain


I have video files in S3 and a simple player that loads the files via an src attribute.

I want the videos to only be viewed through my site and not directly via the S3 URL (which might be visible in the source code of the page or accessible via right clicking)

Looking through the AWS docs it seems the only way i can do this via HTTP is to append a signature and expiration date to a query but this isn’t sufficient.
Other access restrictions refer to AWS users.

How do i get around this or implement this server/client side?


I think a Bucket Policy – which you can set up from the admin interface – will do this. There are some variations on the syntax (you can build your policy around a deny or an allow condition for instance) and filter on specific filenames, though I prefer to split media types into discrete buckets

Leave a Reply