How can I enforce a S3 policy to let only signed URL get objects

0 votes

I can generate my signed urls the AWS-SDK node package, and I could confirm they work when my bucket is set as public.

However, I can't find where I can set the parameters mentioned here:

Restrict Bucket Access : Yes

Origin Access Identity : Use an Existing Identity

Restrict Viewer Access(Use Signed URLs) : Yes

Trusted Signers : Self

I do not use Cloudfront and it looks like Cloudfront specifics

Is there any way to set these up (or produce an equivalent behavior) using S3 only? i.e. bucket private by default, only urls signed by one of my IAM users can be served.

Oct 5, 2018 in AWS by eatcodesleeprepeat
 • 4,710 points 3,557 views

1 answer to this question.

0 votes

You don't need to make a bucket public in order for signed URLs to work. That would entirely defeat the purpose of signed URLs.

and Make sure the IAM user that you are using to generate the pre-signed URL has permissions to read from the bucket.

answered Oct 5, 2018 by Priyaj
 • 58,100 points

Related Questions In AWS

0 votes
1 answer

How to get a pre-authenticated URL to an S3 bucket?

You probably want to use one of ...READ MORE

answered Nov 6, 2018 in AWS by Archana
 • 5,640 points 2,704 views
+1 vote
4 answers

Can a URL be directly uploaded to S3 using POST?

You can read this blog and get ...READ MORE

answered Oct 25, 2018 in AWS by chamunda
 3,244 views
0 votes
1 answer

How do I write an S3 Object to a file?

While IOUtils.copy() and IOUtils.copyLarge() are great, I would prefer the old ...READ MORE

answered Jul 13, 2018 in AWS by Hammer
 • 360 points 4,607 views
0 votes
1 answer

How can I create a S3 bucket using Python?

You can use the boto3 library for ...READ MORE

answered Nov 30, 2018 in AWS by Aniket
 1,653 views
0 votes
1 answer

AWS S3 uploading hidden files by default

versioning is enabled in your bucket. docs.aws.amazon.com/AmazonS3/latest/user-guide/….... the ...READ MORE

answered Oct 4, 2018 in AWS by Priyaj
 • 58,100 points 5,903 views
–1 vote
1 answer

How to decrypt the encrypted S3 file using aws-encryption-cli --decrypt

Use command : aws s3 presign s3://mybucket/abc_count.png you get ...READ MORE

answered Oct 22, 2018 in AWS by Priyaj
 • 58,100 points 5,175 views
0 votes
1 answer

Import my AWS credentials using python script

Using AWS Cli  Configure your IAM user then ...READ MORE

answered Nov 16, 2018 in AWS by Jino
 • 5,820 points 2,845 views
0 votes
2 answers

Invalid bucket name "s3:\\testdm": Bucket name must match the regex "^[a-zA-Z0-9.\-_]{1,255}$"

Instead of backslashes, use forward slashes C:\Users\jino>aws s3 ...READ MORE

answered Apr 24, 2019 in AWS by anonymous
 23,942 views
0 votes
1 answer

How can I get current date in a CloudFormation script?

There was a similar question asked on ...READ MORE

answered Aug 29, 2018 in AWS by Priyaj
 • 58,100 points 8,814 views
0 votes
1 answer

How to create a CloudFormation only AWS policy

The easiest way to achieve what you're ...READ MORE

answered Sep 26, 2018 in AWS by Priyaj
 • 58,100 points 2,163 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.