Home/ Questions/Q 7629693
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T05:54:04+00:00

Now, I know that I cannot stop someone from downloading my videos and sharing,

  • 0

Now, I know that I cannot stop someone from downloading my videos and sharing, however I would prefer to have it to so that people do not copy paste links directly to my bucket. Thus, is there a way to make my bucket accessible only from my server/domain making the request?

If it helps, I’m using jwplayer which loads from a xml playlist that has all the links. This playlist definitely can be opened and viewed from anywhere and is where I expect the easy copy and paste comes from.

I don’t want to mask the urls because that means my bucket is readable to everyone. There is probably some chance that someone will find the url of my bucket and the name of the files and connect everything together…

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This is possible by Using Bucket Policies, which allows you to define access rights for Amazon S3 resources – there are a couple of Example Cases for Amazon S3 Bucket Policies illustrating the functionality, and amongst these you’ll find an example for Restricting Access to Specific IP Addresses as well:

    This statement grants permissions to any user to perform any S3 action
    on objects in the specified bucket. However, the request must
    originate from the range of IP addresses specified in the condition.

    Depending on the specifics of your use case, a bucket policy for this might look like so:

    {
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "*" 
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::bucket/*",
            "Condition" : {
                "IpAddress" : {
                    "aws:SourceIp": "192.168.143.0/24" 
                },
                "NotIpAddress" : {
                    "aws:SourceIp": "192.168.143.188/32" 
                } 
            } 
        } 
    ]
}

    As shown the aws:sourceIp value for parameters IPAddress and NotIpAddress is expressed in CIDR notation, enabling respective flexibility for composing the desired scope.

    Finally, you might want to check out the recommended AWS Policy Generator, select type S3 Bucket Policy and explore the available Actions and Conditions to compose more targeted policies for your use case eventually – the documentation for Conditions explains this in detail.

    • 0