Set Up Your Amazon S3 Bucket Permissions to Protect Your Files

Roopam Garg
May 22, 2020

If you are using Amazon S3 to host your video files, I have recently become aware of a neat trick that lets you allow only your domain name to use the files within your Amazon S3 bucket.

Here are the steps to set up an Amazon S3 Bucket Policy:

  1. Log in to your aws.amazon.com account.
  2. Go into your S3 Management Console (by clicking on the red S3 link on the left side of the screen after you log in).
  3. Move your mouse over the name of the bucket you need to do this for, right-click on it and go to “Properties”.
  4. On the right side of the screen, click on “Permissions”.
  5. Then click on “Add Bucket Policy”.
  6. A new window will come up. Use the policy below, making sure to copy/paste it exactly:
    {
      "Version": "2008-10-17",
      "Id": "Policy1408118342443",
      "Statement": [
        {
          "Sid": "Stmt1408118336209",
          "Effect": "Allow",
          "Principal": {
            "AWS": "*"
          },
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::BUCKETNAME/*",
          "Condition": {
            "StringLike": {
              "aws:Referer": [
                "https://YOUR-SITE-URL.com/*",
                "https://YOUR-SITE2-URL.com/*"
              ]
            }
          }
        }
      ]
    }

  7. Then replace BUCKETNAME with your S3 bucket name and YOUR-SITE-URL.com with the URL of the original site from which you want to access these files.
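
As an added example (not part of the original post and not AWS code), the following Python script models how the policy's StringLike condition on aws:Referer treats different Referer values, so you can check your patterns before saving the policy. The bucket name and domains are constructed placeholders, and only the Referer condition is modelled, not the rest of S3 authorization.

```python
import json
import re

# The page's policy with constructed placeholder values (example-bucket, example.com, example.org).
POLICY = json.loads("""
{"Version": "2008-10-17",
 "Statement": [{
   "Effect": "Allow",
   "Principal": {"AWS": "*"},
   "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-bucket/*",
   "Condition": {"StringLike": {"aws:Referer": [
     "https://example.com/*",
     "https://example.org/*"]}}}]}
""")

def string_like(pattern, value):
    """IAM StringLike: case-sensitive; '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def referer_patterns(policy):
    """Collect aws:Referer StringLike patterns from every Allow statement."""
    found = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            value = stmt.get("Condition", {}).get("StringLike", {}).get("aws:Referer", [])
            found += [value] if isinstance(value, str) else list(value)
    return found

def referer_allowed(policy, referer):
    """Model only the Referer condition; a request without the header (None) never matches."""
    if referer is None:
        return False
    return any(string_like(p, referer) for p in referer_patterns(policy))

def loose_patterns(policy):
    """Patterns whose host is not closed by '/' before a wildcard also match lookalike hosts."""
    anchored = re.compile(r"https?://[^/*?]+/")
    return [p for p in referer_patterns(policy) if not anchored.match(p)]

if __name__ == "__main__":
    # Constructed Referer values a bucket owner would want to check before saving the policy.
    for ref in ["https://example.com/watch/1", "http://example.com/watch/1",
                "https://www.example.com/watch/1", "https://example.com.other.test/", None]:
        print(f"{ref!r:45} -> {'allow' if referer_allowed(POLICY, ref) else 'no match'}")
    print("loose patterns:", loose_patterns(POLICY))
```

The scheme and host must match exactly, so list each variant of your site (for example with and without www) that serves the files. Because the Referer header is supplied by the client, this policy deters hotlinking and is not an access control for confidential files.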

You must also set your files to use AES 256: under “Properties”, click on “Details” to make the change. Here is an example of how this should look:

That’s it!
