Hi
Thanks for this info. I'm really new to AWS & S3. I looked at the Limiting access to specific IP Addresses help doc and noticed Restricting access to a specific HTTP referer. I've played around with that and can get that to only allow access if the user is coming from the allowed domain.
The help doc says to be careful with aws:Referer. Would you say what I am doing could be dangerous?
I modified the sample policy i.e.
{
  "Version": "2012-10-17",
  "Id": "http referer policy example",
  "Statement": [
    {
      "Sid": "Allow get requests originating from www.example.com and example.com.",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject", "s3:GetObjectVersion"],
      "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
      "Condition": {
        "StringLike": {"aws:Referer": ["http://www.example.com/", "http://example.com/"]}
      }
    }
  ]
}
Cheers
I don't think it is possible to restrict from a particular domain but you can restrict the GetObject request to only a set(s) of CIDR addresses. See: Limiting access to specific IP addresses
If you fronted the bucket with CloudFront, you could do something similar using a WAF rule.
It is so easy for the client to set the Referer value to whatever they want. It really does not limit access from those domains.
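An added example, not part of the original posts or of the AWS documentation: a small Python audit check that flags public Allow statements whose only restriction is a request header the client sets itself, such as aws:Referer, which is the weakness the comment above describes. The function names and both sample policies are constructed for illustration.

```python
# Added example: flag bucket-policy statements that grant public access
# and rely only on client-set request headers for restriction.

# Global condition keys whose values are taken from headers the caller sends.
CLIENT_SET_KEYS = {"aws:referer", "aws:useragent"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    # "*" and {"AWS": "*"} both match any caller, including anonymous ones.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def _condition_keys(condition):
    # Condition is {operator: {key: values}}; key names are case-insensitive.
    return {key.lower() for block in condition.values() for key in block}

def referer_only_statements(policy):
    """Return the Sid (or index) of each public Allow statement whose every
    condition key is client-set. Statements with no Condition at all are a
    separate finding (fully public) and are not reported here."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        keys = _condition_keys(stmt.get("Condition", {}))
        if keys and keys <= CLIENT_SET_KEYS:
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings

def _policy(sid, condition):
    # Constructed sample policy, modelled on the one posted in the thread.
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": sid, "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
        "Condition": condition}]}

REFERER_POLICY = _policy("RefererOnly",
    {"StringLike": {"aws:Referer": ["http://www.example.com/*"]}})
# 192.0.2.0/24 is a documentation-only range used as a constructed value.
IP_POLICY = _policy("IpRestricted",
    {"IpAddress": {"aws:SourceIp": "192.0.2.0/24"}})

if __name__ == "__main__":
    print(referer_only_statements(REFERER_POLICY))  # ['RefererOnly']
    print(referer_only_statements(IP_POLICY))       # []
```

A statement that combines aws:Referer with a network-derived key such as aws:SourceIp is not flagged, because the Referer value is then no longer the only thing standing between the bucket and an anonymous caller.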