Reputation: 449
Securing AWS S3 Objects from direct url access
I have an angular application serving as a static hosted site from aws s3 wrapped by a cloudfront distribution. Also, this angular application accesses all images like profile pictures from a different S3 bucket (which grows overtime). This bucket is also wrapped under a cloudfront distribution.
My intention is to prevent anybody from directly accessing this images using url. Those images should be accessible only from my angular application and not from outside.
I tried adding CORS configuration to my S3 bucket as follows:
<CORSRule>
<AllowedOrigin>https://*.XXXX.com</AllowedOrigin>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
Also I added origin whitelist in my cloudfront ditribution for my profile picture bucket. Still I am not able to access my profile pictures wither from browser or my application. It is throwing 403. Can somebody help here please.
Upvotes: 0
Views: 409
Answers (1)
Reputation: 1323
The way to do it is to create a Cloud Front Origin Identity and attach it to your distribution. If you do this via the console Cloud Front itself generates the S3 bucket policies that would prevent direct access.(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#private-content-creating-oai)
PS: CloudFront distribution could take some time to replicate.
Upvotes: 0
Related Questions
- Protecting S3 assets without CloudFront
- Block public access on S3, accessible from Cloudfront?
- AWS cloudfront with server-side encrypted s3 bucket
- Restrict Amazon S3 to CloudFront and http referrer
- Restrict S3 object access using CloudFront
- Restricting access to AWS S3 bucket based on referer
- cloudfront securing files in amazon s3?
- Protect Private Data in Amazon S3
- Amazon S3 access from Cloudfront through HTTP
- Access protected S3 bucket using CloudFront