To restrict Amazon s3 media files download and access to a specific domain then follow the steps below.
- Step 1: Go to the Amazon S3 bucket
- Step 2: Click on the main folder of the bucket
- Step 3: At the top, you will see properties, permissions, metrics, management, and access points. Click on permissions
- Step 4: Copy and paste the JSON code below to the Bucket Policy form. Make sure you have changed the highlighted text below to your s3 account username, domain URL, and bucket name
{
"Version": "2012-10-17",
"Id": "http referer policy example",
"Statement": [
{
"Sid": "Allow get requests referred by www.blogiestools.com and blogiestools.com.",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::491093115787:user/blogfy"
},
"Action": "*",
"Resource": "arn:aws:s3:::blogy/*",
"Condition": {
"StringLike": {
"aws:Referer": [
"https://www.blogiestools.com/*",
"https://blogiestools.com/*"
]
}
}
},
{
"Sid": "Explicit deny to ensure requests are allowed only from specific referer.",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::blogy/*",
"Condition": {
"StringNotLike": {
"aws:Referer": [
"https://www.blogiestools.com/*",
"https://blogiestools.com/*"
]
}
}
}
]
}
Step 5: Scroll to the bottom and the JSON file below to Cross-origin resource sharing. Change domain URL to your site URL.
[
{
"AllowedHeaders": [
"Authorization"
],
"AllowedMethods": [
"GET",
"POST",
"PUT"
],
"AllowedOrigins": [
"https://blogiestools.com"
],
"ExposeHeaders": [],
"MaxAgeSeconds": 3000
}
]
Only media files that are accessed from a link available in your domain can be downloaded.