Reputation: 69
Restrict S3 objects URL only to logged in users on a website
My website has some files hosted on AWS S3 buckets, but I need to restrict access to the s3 objects URL to only logged in users of the website. Something similar to how google drive works. which means that anyone trying to access the urls to any of the files on our S3 bucket needs to be logged into the website before he or she would be able to.
Is this possible?
Thanks
Upvotes: 6
Views: 1471
Answers (2)
Reputation: 965
If you happen to use AWS Cognito for log in/out functionality, you can assign IAM roles to logged in users.
This way when trying to access the s3 bucket, you can restrict access using IAM roles.
AWS Amplify would be a good fit for this use-case.
Upvotes: 0
Reputation: 2096
If you want to restrict access to the S3 objects, don't make the objects public and don't use the public URLs shown on AWS S3 console.
S3 provides an option to generate pre-signed URLs to download S3 objects. So once your users log in to your website and when they request to download the S3 object, make a request to S3 to generate this pre-signed URL. Clicking on the pre-signed URL will download the object.
With pre-signed URLs, you can configure additional options like expiry time, so that these URLs are more secure.
You can find more info about pre-signed URLs and their implementation here.
Upvotes: 3
Related Questions
- How to add non-public website files on S3 based on website users?
- is there a way to limit access to s3 presigned url
- Make Amazon S3 files available only to logged in users
- Restricting access to S3 objects unless url is signed
- Restrict access to website hosted on S3
- Amazon S3 - Restrict Access by referer
- AWS S3 website access restriction to only users that are signed in into AWS
- Restrict access to Amazon S3 static webpage to only registered users
- restrict access to amazon s3 file to only allow logged in users access
- Restrict S3 permissions to just website