Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
287 views
in Technique[技术] by (71.8m points)

amazon web services - How do I make my S3 videos viewable on specific website only?

UPDATE: Added CORS policy (below) and still it is not working. Please someone help me find the problem.

I have been struggling with this for hours. I have a bucket called test-pcrp. I want the videos in this bucket to be viewable on my website only. Below are the bucket settings, bucket policy and CORS that I have in place. However, no matter what I do the video is not viewable on the site.

Bucket Settings:
OFF - Block all public access
ON - Block public access to buckets and objects granted through new access control lists (ACLs)
ON - Block public access to buckets and objects granted through any access control lists (ACLs)
OFF - Block public access to buckets and objects granted through new public bucket or access point policies
OFF - Block public and cross-account access to buckets and objects through any public bucket or access point policies

Policy:

{
    "Version": "2012-10-17",
    "Id": "http referer policy example",
    "Statement": [
        {
            "Sid": "Allow get requests originating from www.dev.pcrprograms.org and dev.pcrprograms.org.",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::test-pcrp/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "https://dev.pcrprograms.org/*",
                        "http://dev.pcrprograms.org/*"
                    ]
                }
            }
        }
    ]
}

CORS Policy

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "HEAD"
        ],
        "AllowedOrigins": [
            "https://dev.pcrprograms.org"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
    }
]
question from:https://stackoverflow.com/questions/65923423/how-do-i-make-my-s3-videos-viewable-on-specific-website-only

Fight the dragon for too long and you become the dragon yourself; gaze into the abyss for too long and the abyss gazes back…

1 Reply

0 votes
by (71.8m points)

Your policy probably isn't working because objects in Amazon S3 are private by default. Adding a Deny policy does not grant access -- it just further restricts access.

However, using referer to control access is unreliable. Referer spoofing is quite easy and should not be relied upon as a means of security.

The preferred option is to have your back-end generate Amazon S3 pre-signed URLs, which are time-limited URLs that provide temporary access to private objects stored in Amazon S3.
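
The pre-signed URL approach recommended above, as an added example that is not part of the original post: a back end signs a short-lived GET URL for one object in test-pcrp with AWS Signature Version 4, and `would_accept` is a local stand-in for the two checks S3 applies (signature matches, URL not expired). Assumptions: the region `us-east-1`, the object key `videos/intro.mp4`, the 300-second lifetime and the credentials are constructed placeholders; in production the AWS SDK's presigner (for example boto3's `generate_presigned_url`) does the signing.

```python
import hashlib, hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed placeholders, not real credentials.
ACCESS_KEY, SECRET = "AKIAEXAMPLEACCESSKEY", "example-secret-not-a-real-key"

def _signature(secret, region, host, path, query, amz_date):
    """SigV4 signature for a GET with only the host header signed."""
    day = amz_date[:8]
    qs = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(query.items()))
    canonical = "\n".join(["GET", path, qs, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    digest = hashlib.sha256(canonical.encode()).hexdigest()
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, f"{day}/{region}/s3/aws4_request", digest])
    key = f"AWS4{secret}".encode()
    # Derive the signing key step by step; the last HMAC (over to_sign) is the signature.
    for part in (day, region, "s3", "aws4_request", to_sign):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return key.hex(), qs

def presign_get(bucket, key, access_key, secret, region="us-east-1", expires=300, now=None):
    """Return a time-limited GET URL for a private object (region is an assumption)."""
    now = now or datetime.now(timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    host = f"{bucket}.s3.{region}.amazonaws.com"
    path = "/" + quote(key, safe="/")
    query = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{amz_date[:8]}/{region}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    sig, qs = _signature(secret, region, host, path, query, amz_date)
    return f"https://{host}{path}?{qs}&X-Amz-Signature={sig}"

def would_accept(url, secret, now):
    """Local stand-in for S3's checks: signature matches and the URL has not expired."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query))
    sent = query.pop("X-Amz-Signature", "")
    region = query["X-Amz-Credential"].split("/")[2]
    start = datetime.strptime(query["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    expected, _ = _signature(secret, region, parts.netloc, parts.path, query, query["X-Amz-Date"])
    fresh = now < start + timedelta(seconds=int(query["X-Amz-Expires"]))
    return fresh and hmac.compare_digest(sent, expected)
```

Unlike a Referer header, the object key and the expiry are covered by the signature, so editing either in the URL makes the request fail; the bucket itself stays private with no public `s3:GetObject` statement.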

