S3 is an object based storage service and although you can manage who has access to your S3 bucket and the objects stored in it, there’s currently no direct way of preventing users who have been granted read access to the files stored in your S3 bucket from downloading them.
=> Potential options would be to make use of :
a. HLS Content Protection - https://docs.aws.amazon.com/elastictranscoder/latest/developerguide/content-protection.html
b. DRM (which restricts access to your playlist so that only authenticated users can view your content) Digital Rights Management - https://docs.aws.amazon.com/elastictranscoder/latest/developerguide/drm.html
- https://stackoverflow.com/questions/46702054/amazon-s3-bucket-policy-to-prevent-download (as this is a third party link please be cautious)
=> You can also refer to these documents on securing videos using Cloudfront and other media services :
Please note that the implementation of above solutions might have cost implications. So, please refer to the applicable pricing documents before using any service.
I would also advise first deploying these changes (with regards to whichever option you want to test/implement) in a test environment and not your live site or normal environment.
Could you provide more details? Technically there is no big difference between streaming and downloading of data as anyway data reached final device.
One of the solution could be usage of encryption: your stream client will be able to decrypt data by receiving a temporary key while direct downloading will just give you an encrypted data.
Restrict access to s3 bucketAccepted Answerasked a month ago
Restricting access to video content using cloudfrontasked 3 months ago
S3: How to restrict IAM access to one Bucketasked 5 days ago
Restrict a Cloudfront distribution to only ClientVPN usersasked 6 months ago
How to restrict download permission for content served from presigned-urlasked 2 months ago
Restrict Lambda DeleteNetworkInterface Permission?asked 5 months ago
EKS Fargate: restrict access to service to only certain podsasked 6 months ago
Policy to restrict command and instance combinationsasked 3 years ago
How to restrict user to modify instance (ec2:ModifyInstanceAttribute)asked 3 years ago
Restrict access to Cloudfront from ABLasked 3 months ago