Zags
Reputation: 41210
Make all files private when using django s3 file storage
When using the S3BotoStorage file storage from Django-storages (DEFAULT_FILE_STORAGE = 'storages.backends.s3boto.S3BotoStorage'), files are created as publicly viewable. How do I make files only visible to users I explicitly give URLs to? I know boto has ways of generating temporarily valid urls.
Upvotes: 2
Views: 1309
Answers (1)
Zags
Reputation: 41210
Set the following in settings.py:
AWS_DEFAULT_ACL = "private"
Then, make sure the following settings are their default values (you can either set them as follows or remove them from your settings.py):
AWS_QUERYSTRING_AUTH = True
AWS_S3_CUSTOM_DOMAIN = None
You should also use the block all public access setting on the bucket.
Upvotes: 1
Related Questions
- Django use private S3 storage only in production environment
- How to get Django to make some files public and media files private on AWS S3 (no 403 errors)?
- Django S3 private storage
- How to store private documents in Django on production?
- django-storages with Amazon S3 - prevent overwriting
- Private s3 file visible to public - django
- Restrict s3 file to Django group user
- Set file permission not public with django-storages and S3boto
- How can I use django-storages for both media and static files?
- deny direct access to file on S3