Amazon Web Services - How to restrict CloudFront access to my website only?


I have looked at the below answer, which talks about Origin Access Identity, private content, and signed URLs. My content is not private, it is open to the public, but I don't want other websites to hotlink my images. In other words, images on my site should be accessed via URLs under my domain.

Simple example to restrict access to CloudFront(S3) files to some users but not others

I've followed the below document to create an OAI on my CloudFront distribution.
http://docs.aws.amazon.com/amazoncloudfront/latest/developerguide/private-content-restricting-access-to-s3.html

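After I applied the OAI on my distribution, something weird happened. Sometimes I can access the images, and sometimes not.
Also, when I'm working on localhost I could not access the CloudFront images.

Is there a way I can specify which domains have access to the resources and which ones do not? Something like this?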

{
    "Sid": "allowpublicread",
    "Effect": "Allow",
    "Principal": {
        "AWS": "*"
    },
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::my-bucket/*",
    "Condition": {
        "StringLike": {
            "aws:Referer": [
                "http://example.com/*",
                "localhost:*"
            ]
        }
    }
}

The "block" action via a policy will have to happen at the CloudFront level. S3 won't factor in except when it's being queried for new content (which might explain why you had weird issues trying to access images).

If your issue is trying to block hotlinking, unfortunately, I believe the way to handle it is via AWS signed URLs: http://docs.aws.amazon.com/amazoncloudfront/latest/developerguide/privatecontent.html

Here's a Stack thread on the subject: Preventing Amazon CloudFront hotlinking

Just to give an alternative that is simpler, though it requires occasional manual updating, here is what I've done in the past. The core of it is to put a CNAME on your CloudFront distribution, such as assets-1.yoursite.com. After a few months, if you find it being hotlinked to, you can change the CNAME to assets-2.yoursite.com, and update your site to use the new URL. If you have a single variable that controls the CDN path for your site, it's a quick fix.

It's explained in depth here: http://www.explainthatstuff.com/blocking-cloudfront-hotlinks.html

You can use the CloudFront 'Popular Objects' and 'Top Referrer' analytics sections in the AWS console to monitor the amount of traffic coming from other sites to see when it's time to switch CNAMEs.
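
The referrer monitoring described in the last answer can also be done offline against CloudFront standard access logs. The following is an added example, not part of the original thread: it totals bytes served per external referring host, reading column positions from the log's own `#Fields:` header. The sample log lines, the allowed-domain list, and the function names are constructed for illustration.

```python
from collections import Counter
from urllib.parse import unquote, urlsplit

# Constructed sample: first ten columns of a CloudFront standard log (tab-separated).
_ROWS = [
    ("48211", "https://www.yoursite.com/gallery"),
    ("48211", "https://forum.example.org/thread/42"),
    ("1200", "-"),
    ("90000", "https://forum.example.org/thread/42"),
    ("500", "https://yoursite.com.example.net/page"),
    ("300", "http://localhost:3000/"),
]
SAMPLE_LOG = "\n".join(
    ["#Version: 1.0",
     "#Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) "
     "cs-uri-stem sc-status cs(Referer)"]
    + ["\t".join(["2024-01-05", "10:00:00", "FRA2", size, "192.0.2.10", "GET",
                  "d111111abcdef8.cloudfront.net", "/img/a.png", "200", ref])
       for size, ref in _ROWS]
)

def referer_host(referer):
    """Hostname of a logged Referer, or None when the header was absent ('-')."""
    if referer == "-":
        return None
    try:
        return (urlsplit(unquote(referer)).hostname or "(unparseable)").lower()
    except ValueError:
        return "(unparseable)"

def is_own_domain(host, allowed_domains):
    # Exact or dot-delimited suffix match, so yoursite.com.example.net is NOT ours.
    return any(host == d or host.endswith("." + d) for d in allowed_domains)

def external_referers(log_text, allowed_domains):
    """Bytes served per referring host that is outside allowed_domains."""
    fields, totals = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log itself
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split("\t")))
            host = referer_host(row.get("cs(Referer)", "-"))
            if host and not is_own_domain(host, allowed_domains):
                size = row.get("sc-bytes", "0")
                totals[host] += int(size) if size.isdigit() else 0
    return totals
```

Because the Referer header is supplied by the client and is often absent, these totals are a signal for when to rotate the CNAME, not an access control.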

