AWS S3 bucket policy - how to allow access only from my website?

Question

I have a paperclip text file attachment (in Rails).

My bucket policy is:

{
    \"Version\": \"2008-10-17\",
    \"Id\": \"Policy123\",
    \"Statemen         


        

Answer 1

You can check some examples in S3 Documentations

To restrict the access from your web site, you can use the condition on Referrer:

{
  "Version":"2008-10-17",
  "Id":"http referer policy example",
  "Statement":[
    {
      "Sid":"Allow get requests referred by www.mysite.com and mysite.com",
      "Effect":"Allow",
      "Principal":"*",
      "Action":"s3:GetObject",
      "Resource":"arn:aws:s3:::example-bucket/*",
      "Condition":{
        "StringLike":{
          "aws:Referer":[
            " http://www.mysite.com/*",
            " http://mysite.com/*"
          ]
        }
      }
    }
  ]
}