AWS S3 - File access only allowed when coming from a specific domain
Hi
I've added a PDF file to a bucket. I only want people to be able to view it if they are visiting from a specific domain name. If someone had the actual link they wouldn't be allowed to view it unless they were logged in on the allowed domain.
Many thanks
Hi
Thanks for this info. I'm really new to AWS & S3. I looked at the Limiting access to specific IP Addresses help doc and noticed Restricting access to a specific HTTP referer. I've played around with that and can get that to only allow access if the user is coming from the allowed domain.
The help doc says to be careful with aws:Referer. Would you say what I am doing could be dangerous?
I modified the sample policy i.e.
{
  "Version": "2012-10-17",
  "Id": "http referer policy example",
  "Statement": [
    {
      "Sid": "Allow get requests originating from www.example.com and example.com.",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject", "s3:GetObjectVersion"],
      "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": ["http://www.example.com/", "http://example.com/"]
        }
      }
    }
  ]
}
Cheers
I don't think it is possible to restrict from a particular domain but you can restrict the GetObject request to only a set(s) of CIDR addresses. See: Limiting access to specific IP addresses
If you fronted the bucket with CloudFront, you could do something similar using a WAF rule.
It is so easy for the client to set the Referer value to whatever they want. It really does not limit access from those domains.
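Added example, not part of the original thread or of AWS's documentation: a small audit check that reads a bucket policy and reports public Allow statements whose only condition is a header the client sets, such as aws:Referer, as opposed to one that also carries something like the aws:SourceIp restriction suggested above. The function names, the sample policies and the 192.0.2.0/24 range are constructed for illustration.

```python
import json

# Condition keys whose values come straight from request headers the caller sets.
CLIENT_CONTROLLED_KEYS = {"aws:referer", "aws:useragent"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    """True when Principal is the anonymous wildcard ("*" or {"AWS": "*"})."""
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def referer_only_statements(policy_text):
    """Return ids of public Allow statements gated only by client-controlled keys."""
    findings = []
    statements = _as_list(json.loads(policy_text).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        # Condition keys are case-insensitive; all keys in a statement are ANDed.
        keys = {key.lower()
                for block in stmt.get("Condition", {}).values()
                for key in block}
        if keys and keys <= CLIENT_CONTROLLED_KEYS:
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings

def _policy(sid, condition):
    # Constructed sample policy; bucket name and condition values are placeholders.
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": sid, "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
        "Condition": condition}]})

REFERER_POLICY = _policy("RefererOnly",
    {"StringLike": {"aws:Referer": ["http://www.example.com/*"]}})
SOURCE_IP_POLICY = _policy("OfficeRange",
    {"IpAddress": {"aws:SourceIp": "192.0.2.0/24"}})
BOTH_POLICY = _policy("RefererAndIp",
    {"StringLike": {"aws:Referer": ["http://www.example.com/*"]},
     "IpAddress": {"aws:SourceIp": "192.0.2.0/24"}})

if __name__ == "__main__":
    for name in ("REFERER_POLICY", "SOURCE_IP_POLICY", "BOTH_POLICY"):
        print(name, referer_only_statements(globals()[name]))
```

Statements with no Condition at all are not reported here; that is a separate finding (a fully public object) from the referer-only case this thread is about.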