Limit access to 'protected S3 files' for some category of users only


My situation I have some paying users, and some non-paying users. If the user is paying, then he should be able to access the images (saved in s3) of all other users on the website. If the user is not paying, he should not be able to access any of the images of the other users.

What I have tried I have tried playing around with 'protected s3 files' that all users can access as long as they are logged in. I guess what I need is some way to further constrain these protected files to additionally be limited to users who are paying. Or maybe Im looking for something entirely different?

1 Answer


In S3, we have something known as access points, which are named network endpoints that serve as the entry point for an application. Applications don't access the S3 Bucket directly but rather through the access points. With access points, we can fine-grain who has access to what in the S3 Bucket using Access Point Policies.

If you are using the SDK with your website, you can specify the access point ARN instead of the bucket name for API operations like GetObject and PutObject. If you want to use this effectively, you also have to have a solid partitioning strategy in place to make access easier.

In addition to making the files more secure and also only accessible for a limited amount of time, you can use pre-signed URLs in conjunction with the SDK; only users who have permission to the file and also the right IAM permissions can create these pre-signed URLs

profile picture
answered 4 months ago
profile picture
reviewed 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions