How do I use S3 to deliver a digital product?


I've been looking all over the internet and I can't seem to find a clear-cut solution, so I'm asking it here. I apologize in advance if this is a easy fix.

Basically, I'd like to use S3 to deliver digital products. I'd also like my bucket to continue being private.

The only way I've found to do this is to create presigned urls. But that would limit how long the url is live.

I need the url to be live for as long as I can get it, so I don't have to regenerate a new url everytime someone wants to download a product.

What I've seen is maybe a cloudfront possibility, but I don't think I need to connect my domain to get that to work. Plus, I don't want to connect my domain.

I have no intentions of delivering images via my bucket, and that seems to be the only "tutorial" I find.

I just need some help here. I intended to have S3 as a regular "file manager with url's" but it seems much more complicated than that.

Can you help me out?

asked 7 months ago315 views
2 Answers


There is a feature of Amazon CloudFront called signed URLs which might be useful in this scenario. You will need to create these URLS programmatically but they can be valid for a long time.

You can also distribute private content using a signed URL that is valid for a longer time, possibly for years. Signed URLs that are valid for a longer period are useful for distributing private content to known users, such as distributing a business plan to investors or distributing training materials to employees. You can develop an application to generate these longer-term signed URLs for you.

You don't need to connect a CloudFront distribution to your own domain unless you want to and can just use the domain that is auto generated for the distribution.

answered 7 months ago

You can't simultaneously have something be private but offer public links to it; you need some sort of proxy in between to manage the access. If you intend to limit the distribution of your digital products to only those who pay for them (or some other restriction) then you need to control access.

You could do that with IAM or bucket policies that restrict access to certain principals (identifiable things, like users or accounts), but that requires your users to identify themselves in some way. That's where signed URLs are useful, because they allow you to bake authentication and authorization into a public URL.

You can also do that via Cloudfront, restricing access to the bucket to only those who connect through a Cloudfronf Distribution. You don't need to use a custom domain to use Cloudfront, you can just use the autogenerated domain (which will be something like

profile pictureAWS
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions