When I map my userdocumentseo to userdocumentsdto in Java, I get a document upload URL like https://s3.amazonaws.com/approves3/44/IMG_0189.jpg.
This link can be opened by anyone whether or not the user is a member of my website. This is not secure. How to protect it?
2 Answers
AWS provides good documentation on how to implement authentication for S3 assets using CloudFront.
This answer assumes you want to allow access to the resources only for the application users. If that’s not the case, you may need to ask a more specific question.
If you make the resource public, you have basically allowed any unauthenticated access, regardless of whether it comes from your application or not.
The default (advised) way to protect the resources is to make the object private and have the application create a signed (temporary) URL.
https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/examples-s3-presign.html
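
The signed-URL approach from the second answer, sketched with the AWS SDK for Java v2 as an added example that is not part of either answer. The class `DocumentUrlSigner`, the owner-only rule, the five-minute lifetime and the `us-east-1` region are assumptions; the bucket and key are the ones from the question, and the object is assumed to be private.

```java
import java.time.Duration;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.model.GetObjectRequest;
import software.amazon.awssdk.services.s3.presigner.S3Presigner;
import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest;

// Hypothetical helper: call it while mapping the entity to the DTO, so the DTO
// carries a short-lived signed URL instead of a permanent public one.
public class DocumentUrlSigner implements AutoCloseable {
    private static final Duration LINK_LIFETIME = Duration.ofMinutes(5); // assumption

    private final S3Presigner presigner;
    private final String bucket;

    public DocumentUrlSigner(Region region, String bucket) {
        // Credentials come from the SDK default provider chain (env, profile, role).
        this.presigner = S3Presigner.builder().region(region).build();
        this.bucket = bucket;
    }

    /** objectKey is the S3 key stored in the entity, e.g. "44/IMG_0189.jpg". */
    public String signedUrlFor(long requesterId, long ownerId, String objectKey) {
        // Authorize before signing: anyone holding the URL can read the object
        // until it expires. Owner-only access is an assumed policy.
        if (requesterId != ownerId) {
            throw new SecurityException("requester may not read this document");
        }
        GetObjectRequest get = GetObjectRequest.builder()
                .bucket(bucket).key(objectKey).build();
        GetObjectPresignRequest presign = GetObjectPresignRequest.builder()
                .signatureDuration(LINK_LIFETIME)
                .getObjectRequest(get)
                .build();
        // Signing is a local computation; no request is sent to S3 here.
        return presigner.presignGetObject(presign).url().toString();
    }

    @Override
    public void close() {
        presigner.close();
    }

    public static void main(String[] args) {
        // Region is an assumption; use the region the bucket lives in.
        try (DocumentUrlSigner signer = new DocumentUrlSigner(Region.US_EAST_1, "approves3")) {
            System.out.println(signer.signedUrlFor(44L, 44L, "44/IMG_0189.jpg"));
        }
    }
}
```

Store only the object key in the database and generate the URL per request; a signed URL saved in the DTO or cached beyond its lifetime stops working once it expires.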