I created an S3 bucket with a subfolder containing several images that I want to use in my app. Right now, all public access is blocked (the default settings) so if I try to access the AWS-generated Object URL for an image, I get an Access Denied error.
I want to be able to use the images in an app (ex. myapp.mysite.com) but right now, if I use the URL as the
src value of an
img tag, it won’t work. At the same time, I don’t want my
images buckets to be visible and accessible to everyone. Is there a way to restrict access to files inside a bucket to a sub/domain?
Hello and welcome to the forum !
I don’t have that much experience with AWS (nor I have access to an AWS account ) , so I will give You this link that shows how to do it.
Now, there is something that seems weird:
I don’t want my images to be visible and accessible to everyone
I mean, You can restrict access to a specific domain to the bucket, but anyone with access to Your app will be able to download the images, which means a robot/crawler/scrapper will be able to download them too .
Hi @skaparate, that’s a typo. I meant buckets not images. The images would be public (anyone using my app can view and download them) but I don’t want just anyone to access the rest of the bucket or see its other contents.
The main reason I’m looking at restricting the images to my domain is that I don’t want them to be used (or linked) anywhere else on the web because I’m the one paying for the costs of requests and data retrieval.
I think I figured it out, so I’m going to share what I did. I followed the example given under Restricting Access to a Specific HTTP Referer to generate a new policy using the AWS Policy Generator.
ARN: the ARN of the subfolder that contains my images
Then I added this condition:
- Value: the app URL
You can also optionally include a condition for an explicit deny (as outlined in the example).