stackoom
  简体   繁体   中英

How Do I Secure My Amazon S3 Buckets

 原文  2012-06-08 05:04:54       php/ security/ amazon-s3

Question

I have Amazon S3, which contains a bunch of my videos (for Internet Marketing). I also have images, scripts, packaged courses, video tutorials, all kinds of stuff. All the files are sorted through different folders inside my Amazon bucket.

The issue is, all the files are easily available to anyone using some Amazon S3 Bucket ripping programs. You just enter the bucket name, and boom you can just rip everything. I also received an email from Amazon a little while back about my bucket being insecure and publicly accessible.

I guess I have to setup some bucket policy?

I need the ability to embed the videos on my various web sites (video squeeze pages). Also with my training area, it too has embedded video tutorials, as well as some zip files for members to download, ect. Also my JWPlayer SWF controller file and the matching jwplayer.js file, are both located on my Amazon S3 (so that it loads fast, and all my video embeds use it, so I don't have jwplayer uploaded 20 different times across many sites).

How am I going to not make the Bucket publicly accessible, but yet it still can embed on my pages. I can't set it to only allow a domain, because it will be used across many sites. I could allow it from the IP of my server? If I did have it use the domain, I could have 1 site as the redirect just to set the referrer. Like a controlling PHP file that has permission to access the S3...

Any help, links, insight on how I can get this working and secured would be great. Thanks in advance!

1 answers

solution1
 -1  2012-08-30 08:45:44

You need to create special links that you only share on your pages and that have a time limit on them. That way, if the links get out on the web, they only last a few seconds, minutes, or hours. In my case I created a membership website where one had to login to get the links. Even then, if those members cut/paste those links on the web, the links are dead within a half-hour.

I talk about a function I created for this in PHP here . More info is here .

My function in PHP works, but it doesn't handle subfolders yet and that's why I placed a stackoverflow question ticket on it.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How do I display protected Amazon S3 images on my secure site using PHP? How do I show an image from my Amazon S3 on my website? Php - Amazon s3 how do I check my connection is success or not How can I create an Amazon S3 clone on my host? How do I download a file with php and the Amazon S3 sdk? Laravel secure Amazon s3 bucket files How do i upload to amazon s3 using Heroku composer amazon aws sdk Amazon S3 Requester Pays Buckets not requesting the user pay Amazon S3: Delete empty buckets using Lifecycle Get files from amazon s3 buckets sub folder
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM