Amazon Web Services Question posted in
The official Amazon Web Services documentation can be found here.

Amazon web services – How to restrict read access to file in S3 file

I’m new in AWS S3. My project needs to upload images to a ‘private’ S3 bucket (disable all public access setting in S3) and allows only certain users to access these images who have valid JWT token (mostly stored in browser, maybe localStorage / cookie)

So how can I setup S3 service and implement in C# to archive this goal: open URL with valid token then user can view image, and show unauthorize access page if user don’t valid token. Sample content may be like below

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Code>ResourceNotFound</Code>
<Message>The specified resource does not exist. RequestId:4087a246-001e-0002-3481-37acce000000 Time:2024-11-15T17:13:52.7976811Z</Message>
</Error>

I found something like cloudfront but I don’t know where I need to start or is that my expected stuff

Thanks

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    We can use CloudFront distributions to secure the S3 object

    Here's step by step guide

    The term I mentioned above about the valid token can be checked by trigger a lambda function when accessing to a signed url

    https://github.com/aws-samples/amazon-cloudfront-signed-urls-using-lambda-secretsmanager


  2. 0

    Amazon S3 buckets are private by default. Therefore, your first requirement is already met.

    To provide access to specific people, you have a couple of choices:

    Option 1: AWS Credentials

    You can create IAM Users and request Security Credentials. This is typically used for programmatic access. When accessing the file in S3, you can provide the credentials and gain access to the private file.

    Option 2: Pre-signed URL

    Alternatively, your C# program can use IAM credentials to generate an Amazon S3 pre-signed URL, which provides time-limited access to private objects in Amazon S3. The users can simply use this URL in their browser to access the file as normal.

    It would be the responsibility of your C# program to authenticate the users and verify that they should be entitled access to the file. If they are permitted, the program can generate the pre-signed URL in a few lines of code.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search