S3 Uploads requiring public access

CJ Infantino

Is there anyway around this?

I am using the s3-upload-updated plugin and it's uploading and displaying fine in the forum, but it requires the file have public access in AWS.

Is there anyway to restrict this so you can only view the image/file within the forum?

Giggiux

I think you should configure the S3 Bucket's policies.

I think, but I'm not sure since I just googled it, should be something like:

{
  "Version": "2008-10-17",
  "Id": "preventHotLinking",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": [
            "http://yourwebsitename.com/*",
            "http://www.yourwebsitename.com/*"
          ]
        }
      }
    }
  ]
}

AWS Documentation
StackOverflow Question
Little Extra

Bri

@CJ-Infantino said in S3 Uploads requiring public access:

Is there anyway to restrict this so you can only view the image/file within the forum?

Off the top of my head, I think the only way to use offline storage like s3 would be to mount it as a network drive, and Symlink it in your uploads folder, since that's how you could control access to only people that are logged in

rod

@CJ-Infantino I added a bucket policy that restricts all hotlinking except from my site itself. I am using a Deny with a StringNotLike condition.

This is what works for me:

{
  "Version": "2008-10-17",
  "Id": "preventHotLinking",
  "Statement": [
    {
      "Sid": "Allow get requests referred by example.com",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::exampleBucket/*",
      "Condition": {
        "StringNotLike": {
          "aws:Referer": [
            "http://example.com/*",
            "https://example.com/*"
          ]
        }
      }
    }
  ]
}