Reputation: 2327
I'm working on a project for which I need to store user-uploaded images in a secure way. Currently, I'm hosting the website on AWS S3 (static content) with CloudFront. The backend is deployed separately behind an Application Load Balancer.
The use case is: a user uploads image(s) from his desktop, which go to a bucket in S3. I've set the bucket policies so that everybody is able to upload images to it (since it's a public website). Now, I have to restrict the image access only to the user who has uploaded it, i.e., if user A uploads images A1, A2, A3, only he should be able to view those and not user B.
Currently, if I get the URL through the browser inspect tool, I can view the image directly without any restrictions. This defeats the purpose of "securely" storing images on the website. Could someone let me know about any standard practices or pointers for this problem? Would generating the image URL each time through the backend with some special hash be over-engineering?
Upvotes: 3
Views: 139
Reputation: 8067
Check out AWS Amplify's Storage module and the File Access Levels docs. Out of the box it supports a private level that lets users upload into (and view from) only their own namespaced prefixes in the bucket. This sounds like exactly what you're after.
Upvotes: 2
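The per-user prefix isolation described in the answer is enforced by IAM rather than by the client. The policy below is an added illustration, not part of the original answer or Amplify's own generated output: it sketches the kind of policy attached to a Cognito identity pool's authenticated role, with `EXAMPLE-BUCKET` and the `Sid` values as placeholders and the `private/<identity id>/` key layout assumed to match Amplify's private level.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleOwnPrefixObjectsOnly",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/private/${cognito-identity.amazonaws.com:sub}/*"
    },
    {
      "Sid": "ExampleListOwnPrefixOnly",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET",
      "Condition": {
        "StringLike": {
          "s3:prefix": ["private/${cognito-identity.amazonaws.com:sub}/*"]
        }
      }
    }
  ]
}
```

IAM substitutes `${cognito-identity.amazonaws.com:sub}` with the caller's Cognito identity ID when it evaluates each request, so user B's credentials cannot read or write under user A's prefix. This only holds if the bucket has no public read or write grants, because any such grant would bypass the per-user restriction.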