Can Amazon S3 object url be protected from being accessed by anyone? - PhpOut

BhaveshJha
May 9, 2023
498 views
0 votes
2 Answers

When I map my userdocumentseo to userdocumentsdto in java I get documents upload url like https://s3.amazonaws.com/approves3/44/IMG_0189.jpg.

This link can be opened by anyone whether or not the user is a member of my website. This is not secure. How to protect it?

Tags: amazon-s3 amazon-web-services java spring-boot

Answers

- IgorTopolski
- May 8, 2023 at 2:12 pm
- 0 votes
0
AWS provides good documentation on how to implement authentication for S3 assets using CloudFront.

Login or Signup to reply.

- gusto2
- May 8, 2023 at 7:49 pm
- 0 votes
0
This answer assumes you want to allow access to the resources only for the application users. If that’s not the case, you may need to ask more specific question.

This link can be opened by anyone whether or not the user is a member of my website

If you make the resource public, you basically allowed any unauthenticated access. Regardless from your application or not.

The default (adviced) way to protect the resources is making the object private and make the application creating a signed (temporary) url.

https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/examples-s3-presign.html
```
               GetObjectRequest getObjectRequest = GetObjectRequest.builder()
                   .bucket(bucketName)
                   .key(keyName)
                   .build();

               GetObjectPresignRequest getObjectPresignRequest = GetObjectPresignRequest.builder()
                   .signatureDuration(Duration.ofMinutes(60))
                   .getObjectRequest(getObjectRequest)
                   .build();

               PresignedGetObjectRequest presignedGetObjectRequest = presigner.presignGetObject(getObjectPresignRequest);
               String theUrl = presignedGetObjectRequest.url().toString();
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.