I am storing images in the S3 bucket using Java Spring Boot and storing the file path in the DB. I am giving the path to the client so that they can view the file instead of downloading it. I am able to generate a pre-signed URL for the S3 object, so that if I give it to the client they can view the file contents. But if the person shares it with others, they can also view it. I want to make this URL password protected. Is there any way to do it? Or any other way so that the client can view the file?
- This is an interesting problem. According to the [docs](https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html), "Anyone who receives the pre-signed URL can then access the object." This is because when you create a presigned URL, you do so by providing your own credentials, and the only protection that URL has is its expiry date and time. – Ishnark May 29 '18 at 23:01
- Take a look at these resources: You can, for each of your clients, create a user in AWS with only read permissions to a [particular folder in an S3 Bucket](https://aws.amazon.com/blogs/security/writing-iam-policies-grant-access-to-user-specific-folders-in-an-amazon-s3-bucket/), store each client's files in their respective folders, and then [use THAT user's AWS ID and secret to generate a download link](https://stackoverflow.com/questions/7678835/how-secure-are-amazon-aws-access-keys). – Ishnark May 29 '18 at 23:02
- Thanks, @Ishnark, I found another way to get this without using a pre-signed URL. – ASHVINI KUMAR May 30 '18 at 06:21
- @ASHVINIKUMAR can you elaborate on the other way, please? – chirag Apr 02 '20 at 19:55