🚀 DevOps & SRE Certification Program 📅 Starting: 1st of Every Month 🤝 +91 8409492687 🔍 Contact@DevOpsSchool.com

Upgrade & Secure Your Future with DevOps, SRE, DevSecOps, MLOps!

We spend hours scrolling social media and waste money on things we forget, but won’t spend 30 minutes a day earning certifications that can change our lives.
Master in DevOps, SRE, DevSecOps & MLOps by DevOpsSchool!

Learn from Guru Rajesh Kumar and double your salary in just one year.


Get Started Now!

Prevent direct download of photos/video files from amazon s3

You can restrict access based on the HTTP referrer. It’s not bulletproof (Referrer can be spoofed) but it will stop casual downloads.

Suppose you have a website with domain name (www.devopsschool.com or devopsschool.com) with links to photos and videos stored in your S3 bucket, examplebucket. By default, all the S3 resources are private, so only the AWS account that created the resources can access them. To allow read access to these objects from your website, you can add a bucket policy that allows s3:GetObject permission with a condition, using the aws:Referer key, that the get request must originate from specific webpages. The following policy specifies the StringLike condition with the aws:Referer condition key.

{
  "Version":"2012-10-17",
  "Id":"http referer policy example",
  "Statement":[
    {
      "Sid":"Allow get requests originating from www.example.com and example.com.",
      "Effect":"Allow",
      "Principal":"*",
      "Action":"s3:GetObject",
      "Resource":"arn:aws:s3:::examplebucket/*",
      "Condition":{
        "StringLike":{"aws:Referer":["http://www.example.com/*","http://example.com/*"]}
      }
    }
  ]
}Code language: JSON / JSON with Comments (json)

You can further secure access to objects in the examplebucket bucket by adding explicit deny to the bucket policy as shown in the following example. Explicit deny supersedes any permission you might grant to objects in the examplebucket bucket using other means such as ACLs or user policies.

{
   "Version": "2012-10-17",
   "Id": "http referer policy example",
   "Statement": [
     {
       "Sid": "Allow get requests referred by www.example.com and example.com.",
       "Effect": "Allow",
       "Principal": "*",
       "Action": "s3:GetObject",
       "Resource": "arn:aws:s3:::examplebucket/*",
       "Condition": {
         "StringLike": {"aws:Referer": ["http://www.example.com/*","http://example.com/*"]}
       }
     },
      {
        "Sid": "Explicit deny to ensure requests are allowed only from specific referer.",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::examplebucket/*",
        "Condition": {
          "StringNotLike": {"aws:Referer": ["http://www.example.com/*","http://example.com/*"]}
        }
      }
   ]
}
Code language: JSON / JSON with Comments (json)
{
  "Id": "Policy1560396001395",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1560395998201",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::devops-t1/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": "https://www.devopsschool.com/*"
        }
      },
      "Principal": "*"
    }
  ]
}
Code language: JSON / JSON with Comments (json)
{
    "Version": "2008-10-17",
    "Id": "http referer policy example",
    "Statement": [
        {
            "Sid": "Allow get requests originated from www.example.com and example.com",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::devopsschoolmumbai/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "https://www.devopsschool.com/*",
                        "https://devopsschool.com/*",
                        "https://devopsschool.com*",
                        "https://devopsschool.com"
                    ]
                }
            }
        }
    ]
}
Code language: JSON / JSON with Comments (json)
Subscribe
Notify of
guest


1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Tim
Tim
2 years ago

Thank you, that worked perfectly.

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs:

DevOps Certification, SRE Certification, and DevSecOps Certification by DevOpsSchool

Explore our DevOps Certification, SRE Certification, and DevSecOps Certification programs at DevOpsSchool. Gain the expertise needed to excel in your career with hands-on training and globally recognized certifications.

1
0
Would love your thoughts, please comment.x
()
x