Prevent direct download of audio files from amazon s3

Question

I have audio files stored at Amazon S3 which are accessed from a web based music player app and also from mobile apps. Even non signed in users should be able to access the

Answer 1

You can restrict access based on the HTTP referrer. It's not bulletproof (Referrer can be spoofed) but it will stop casual downloads.

You use a bucket policy to restrict the possible values for Referrer.

There's an example on this page (scroll down a bit) http://docs.aws.amazon.com/AmazonS3/latest/dev/AccessPolicyLanguage_UseCases_s3_a.html

Here's their example:

{
  "Version":"2008-10-17",
  "Id":"http referer policy example",
  "Statement":[
    {
      "Sid":"Allow get requests originated from www.example.com and example.com",
      "Effect":"Allow",
      "Principal":"*",
      "Action":"s3:GetObject",
      "Resource":"arn:aws:s3:::examplebucket/*",
      "Condition":{
        "StringLike":{
          "aws:Referer":[
            "http://www.example.com/*",
            "http://example.com/*"
          ]
        }
      }
    }
  ]
}

You could also do signed URLs that expire - that would stop people from LINKING to your content from other site.