Reputation: 41
How to create session token for my file on AWS S3 if it connected to other CDN provider?
I have some video file stored on AWS S3 and I want to secure these files by adding session token with specific expiry time on the video URLs for preventing unauthorized access.
I know the s3 SDK can generate temporary credentials with Cloudfront to achieve this.
However, if I connected S3 to other CDN provider such as cloudflare. Will these temporary credentials work perfectly?
For example, my video file is stored on s3 -> http://files.video.com.s3.amazonaws.com/video.mp4
The cloudflare cdn url is -> http://files.video.com/video.mp4
If i generated temporary credentials for the file and access the url -> http://files.video.com/video.mp4?token=4180da90a6973bc8bd801bfe49f04a&expirey=1526231040535
Will it work?
Upvotes: 1
Views: 1112
Answers (1)
Reputation: 5643
It sounds like you're referring to S3 Presigned URLs. No, if your S3 bucket is private, CloudFlare will not be able to generate presigned URLs to access your files. AWS CloudFront uses an Origin Access Identity to resolve this issue. However with 3rd party CDNs, this is not possible.
There are 2 ways you could achieve better security (source).
- Make your bucket public but restrict the allowed IPs for your S3 bucket to only CloudFlare IPs.
- Make your bucket private and use CloudFlare workers to authorize its GET requests
Upvotes: 1
Related Questions
- Amazon session token
- Authenticate s3 request based on both file and request
- Authenticated File Downloads to S3 Bucket with CloudFormation
- How to make files in S3 private if session has expired
- How to securely serve S3 files without using Signed URL?
- AWS S3 bucket access token
- How to share session with a HTTP fetch and store to S3 operation?
- S3: Allow download of files for those who have some token
- Amazon AWS Request Token From Secure Token Service
- How to sign Amazon S3 request without providing AWS Credentials?