How to restrict download permission for content served from presigned-url

Hi,

S3 is an object based storage service and although you can manage who has access to your S3 bucket and the objects stored in it, there’s currently no direct way of preventing users who have been granted read access to the files stored in your S3 bucket from downloading them.

=> Potential options would be to make use of :

a. HLS Content Protection - https://docs.aws.amazon.com/elastictranscoder/latest/developerguide/content-protection.html

b. DRM (which restricts access to your playlist so that only authenticated users can view your content) Digital Rights Management - https://docs.aws.amazon.com/elastictranscoder/latest/developerguide/drm.html

• https://stackoverflow.com/questions/46702054/amazon-s3-bucket-policy-to-prevent-download (as this is a third party link please be cautious)
• https://aws.amazon.com/blogs/aws/using-amazon-cloudfront-for-video-streaming/

=> You can also refer to these documents on securing videos using Cloudfront and other media services :

• https://aws.amazon.com/blogs/media/part-1-protecting-your-video-stream-with-amazon-cloudfront-and-serverless-technologies/
• https://aws.amazon.com/blogs/media/creating-a-secure-video-on-demand-vod-platform-using-aws/

Please note that the implementation of above solutions might have cost implications. So, please refer to the applicable pricing documents before using any service.

I would also advise first deploying these changes (with regards to whichever option you want to test/implement) in a test environment and not your live site or normal environment.

Hello,

Could you provide more details? Technically there is no big difference between streaming and downloading of data as anyway data reached final device.

One of the solution could be usage of encryption: your stream client will be able to decrypt data by receiving a temporary key while direct downloading will just give you an encrypted data.