I am trying to secure our AWS S3 bucket so that it can be accessed only from our WordPress website. I have tried to implement this using the blog post "How to restrict s3 bucket for specific domain name?" (Eternal Blog), but the problem is not solved and the policies are not working as intended.

2 Answers


  1. Chosen as BEST ANSWER

    Answer:

    The way described in that blog works fine; make sure you create a new bucket and go that way. You can skip the CORS section inside that tutorial.

    The issue in my case was that the previous bucket was created by my client, and he had added some rules to the bucket which did not let me do the intended tasks, so I just created a new bucket and then followed that blog.

    Thanks


  2. Using referer to limit traffic is not a reliable security mechanism because it can easily be faked when sending an HTTP request.

    There is no way to guarantee that content is only "accessed from a custom domain".

    The ‘correct’ way to secure content in Amazon S3 is to have users authenticate to a back-end app, and then serve content via Amazon S3 pre-signed URLs, which provide time-limited access to private objects in Amazon S3.
