Reputation: 39429
Best way to protect resources hosted on Amazon S3?
I’m creating a website where people can sign up and pay to watch videos. The site will be built in PHP and envisage it working as follows:
- Content creators upload their content (video file is uploaded to S3 bucket)
- Users can sign up, pay to watch uploaded videos
Therefore, I need a way to protect objects on a per-user basis so a user can’t pay to watch a video, inspect the HTML, and share the video’s URL with someone else who could then watch it without paying.
I thought about using IAM, creating an IAM user with access to purchased videos (objects) granted as a permission as a registered user on my website purchases videos, but watching the introduction video from AWS it seems IAM users are more for granting access to people to be able to log into the AWS Console and manage my AWS services, and not as a method of granting privileges to objects to users of a web service.
If I’m right in thinking that IAM users are more for those accessing my services via the Console, what are my options for granting specific privileges to users of my application?
Upvotes: 0
Views: 680
Answers (1)
Reputation: 14144
You'll need to use your own auth system in tandem with Amazon's Signing and REST Authentication API and AssumeRoleWithWebIdentity to create temporary security credentials per user (upon request).
Upvotes: 1
Related Questions
- What's the alternatives to keep my s3 buckets secure in AWS?
- Protecting S3 assets without CloudFront
- Protecting AWS resources based on Tags
- Protect s3 Object from Public
- AWS S3 & IAM - Define policy where user have only access (read) to certain folders
- Fine-grained access control S3 (combining user and service role policies)
- Securing bucket- and resource access in Amazon Web Services S3?
- amazon s3 for downloads how to handle security
- How to manage access to AWS S3 resources
- Best Practices in Protecting Amazon S3 Files?