S3 Uploads requiring public access



  • Is there anyway around this?

    I am using the s3-upload-updated plugin and it's uploading and displaying fine in the forum, but it requires the file have public access in AWS.

    Is there anyway to restrict this so you can only view the image/file within the forum?



  • I think you should configure the S3 Bucket's policies.

    I think, but I'm not sure since I just googled it, should be something like:

    {
      "Version": "2008-10-17",
      "Id": "preventHotLinking",
      "Statement": [
        {
          "Sid": "1",
          "Effect": "Allow",
          "Principal": {
            "AWS": "*"
          },
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
          "Condition": {
            "StringLike": {
              "aws:Referer": [
                "http://yourwebsitename.com/*",
                "http://www.yourwebsitename.com/*"
              ]
            }
          }
        }
      ]
    }
    

    AWS Documentation
    StackOverflow Question
    Little Extra ;)


  • Community Rep

    @CJ-Infantino said in S3 Uploads requiring public access:

    Is there anyway to restrict this so you can only view the image/file within the forum?

    Off the top of my head, I think the only way to use offline storage like s3 would be to mount it as a network drive, and Symlink it in your uploads folder, since that's how you could control access to only people that are logged in



  • @CJ-Infantino I added a bucket policy that restricts all hotlinking except from my site itself. I am using a Deny with a StringNotLike condition.

    This is what works for me:

    {
      "Version": "2008-10-17",
      "Id": "preventHotLinking",
      "Statement": [
        {
          "Sid": "Allow get requests referred by example.com",
          "Effect": "Deny",
          "Principal": {
            "AWS": "*"
          },
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::exampleBucket/*",
          "Condition": {
            "StringNotLike": {
              "aws:Referer": [
                "http://example.com/*",
                "https://example.com/*"
              ]
            }
          }
        }
      ]
    }
    

Log in to reply
 

Looks like your connection to NodeBB was lost, please wait while we try to reconnect.