Reputation: 533
How to use Cloudfront to protect my files
I have a bunch of images on my S3 which is linked with Cloudfront.
Now I have a web server and I only want users to view the image through my website so I can't just give out links to the image. How do I set that?
Upvotes: 2
Views: 563
Answers (1)
Reputation: 270074
It appears that your requirement is:
- Content stored in Amazon S3
- Content served via Amazon CloudFront
- Content should be private, but have a way to let specific people view it
This can be accomplished by using Pre-Signed URLs. These are special URLs that only work for a limited period of time.
When your application determines that the user is entitled to view an image, it can generate a Pre-Signed URL that grants access for a limited period of time. Simply use this URL in an <IMG> tag as you would normally.
See:
Since your content in Amazon S3 will be private (so users cannot bypass CloudFront and access it directly), you will also need to grant CloudFront permission to access the content from S3. See: Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content
Another option, instead of creating a pre-signed URL each time, is to use Signed Cookies. However, this doesn't give fine-grained control for access to individual objects -- it's more for granting access to multiple objects, such as a subscription area.
Upvotes: 4
Related Questions
- AWS CloudFront access denied to S3 bucket
- How do you set a default root object for subdirectories for a statically hosted website on Cloudfront?
- Correct S3 + Cloudfront CORS Configuration?
- CloudFront + S3 Website: "The specified key does not exist" when an implicit index document should be displayed
- AWS CloudFront redirecting to S3 bucket
- Amazon S3 Redirect and Cloudfront
- Serving gzipped CSS and JavaScript from Amazon CloudFront via S3
- Cloudfront files not updating
- Amazon Cloudfront: private content but maximise local browser caching