By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Share MP4 file for webinar

0

Hello,

I am new to this platform. But my question is. I just made a bucket, added a file in it and then was looking for the .mp4 file for my webinar. Couldn't find it because it was private.

Now I just followed this guide: https://www.simplified.guide/aws/s3/create-public-bucket

But my question is: is this 'safe'? Can people, like, hack me now? Or not? Is there a 'safer' way to share a file to add in a webinar via s3? Or is this good enough?

It even requires some code.

Please let me know.

Topics
Storage
Tags
Amazon Simple Storage Service
Language
English
nick
asked 6 months ago145 views
1 Answer
0

The direct answer to your question is that by making your bucket public, by and large you need to assume that this means anybody and everybody has access to its contents.

If the only object in the bucket is your webinar.mp4 and you don't mind that anybody can download a copy for themselves then it's safe enough from that point of view. Though if you later upload something else to the bucket then that will be made public too. So it's a bad habit to get into, and best avoided.

You can protect your data by putting CloudFront in front of the bucket, so that the whole world has access to CloudFront, but only CloudFront has permission to access the bucket https://docs.aws.amazon.com/AmazonS3/latest/userguide/tutorial-s3-cloudfront-route53-video-streaming.html

(note that where it says purchasing a domain is a prerequisite it isn't really, it's just if you don't have a domain then you have to give out the ugly d111111abcdef8.cloudfront.net URL rather than the neat www.example.com )

Be aware that CloudFront has a cost associated with it.

There are other tricks, such as making your video available through a URL like http://my-first-bucket.s3.amazonaws.com/Webinar where Webinar is a HTML file that points to content in another bucket. Similar to the code extract here but the source lines need to point to the other bucket source src="https://my-second-bucket.s3.eu-west-2.amazonaws.com/webinar.mp4" type="video/mp4"

The second bucket is fully public, but access is tied down by a policy that gives permission only to the first bucket (see below).

This going way beyond what your question is about, but I hope it gives you some ideas as to how to share content if you don't want to make your bucket public.

   "Statement": [
        {
            "Sid": "Allow get requests originating from www.example.com and example.com.",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:GetObjectVersion"
            ],
            "Resource": "arn:aws:s3:::my-second-bucket/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "https://my-first-bucket.s3.amazonaws.com/*",
                        "https://my-first-bucket.s3.eu-west-2.amazonaws.com/*"
                    ]
                }
            }
        }
    ]
profile picture
EXPERT
Steve_M
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content