I have a website and an S3 bucket with numerous images, which should not be accessible directly from any machine with a direct URL.
Those images will be shown on different website pages for ONLY registered users.
I have tried to find a simple way to access S3 bucket files with a specific cookie or additional header, but can't find that. Is it not possible?
Yes, an additional header is impossible to set in the browser, but I could make a proxy in Nginx for this goal (the proxy can set up those specific cookies or add headers when passing a request to S3). But it's still not clear how to enable URL access for S3 bucket files from either specific IP address (my Nginx proxy address) or using a specific cookie or specific header.
Could you help me, please?
Best Answer
You should use presigned URLs to ensure only authorised users can access content on S3. This technique also works for CloudFront, in which case you use an Origin Access Identity to prevent direct S3 access.