Access restriction in CloudFront

Question

Hi, everyone.  
I would like to restrict access to my files in Amazon S3 bucket.  
In my case, I developed a game that has to download 500MB to 1GB assets when it starts in the first time.  
Players can access my files via a CloudFront link, download it, and I have no idea who he is.  
So I'm worried about malicious downloads, how can I prevent this from happening?  
Does AWS have done anything for preventing this kind of problem(ex: Malicious downloads which cause massive Bandwidth cost)?  
Maybe to have a expiration token to restrict access?

Accepted Answer

Hello JinAn,  
  
You can configure CloudFront to require that users access your files using either **signed URLs** or **signed cookies**.  You then develop your application either to create and distribute signed URLs to authenticated users or to send Set-Cookie headers that set signed cookies on the viewers for authenticated users. (To give a few users long-term access to a limited number of files, you can also create signed URLs manually.)  
  
~ Serving Private Content with Signed URLs and Signed Cookies - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html  
  
All the best,  
Etienne

Answer

Awesome! Thanks a lot! :)

Answer

You want to limit the bandwidth or number of downloads per IP per day?   
  
Use Lambda to catch the Viewer Request events, and record the visitor's IP and number of requests on db from your Lambda function.  
If the same IP requested too many downloads today, ban the IP.  
  
Lambda+Cloudfront How To: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-how-it-works-tutorial.html  
How to use a DB from Lambda: https://docs.aws.amazon.com/lambda/latest/dg/vpc-rds.html

Answer

Thanks!

Access restriction in CloudFront

相關內容