How to Protect Paid Content in S3

Step 1

Create a separate bucket for paid content. For instance, for RubyPlus Pro account customers, I created pro.rubyplus.com.

Step 2

Use the following bucket policy:

{
    "Version": "2008-10-17",
    "Id": "Policy1414368633278",
    "Statement": [
        {
            "Sid": "Stmt1414368595009",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::YOURBUCKETNAME/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": "http://YOURDOMAINNAME.com/*"
                }
            }
        }
    ]
}

Step 3

Replace YOURBUCKETNAME with the name of the bucket that holds the paid content.

Step 4

Replace YOURDOMAINNAME with your website's domain name.

Step 5

Save the bucket policy. Now, if you access the URL for the video directly, like this: https://s3.amazonaws.com/pro.rubyplus.com/tst.mov, you will get an access denied error.

Step 6

You can also optionally enable server-side encryption. It will encrypt the content when in transit and also when it is stored in S3. When your website streams it, it will be decrypted.

Step 7

From now on, only your website URL will be able to access the content from the bucket for the paid content.

Step 8

You can easily filter the paid episodes in the controller in your Rails app and provide access to paid content to customers.
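
As an added example (not code from the original article), the following Ruby sketch is a simplified model of how the StringLike condition on aws:Referer in the Step 2 policy is evaluated, run over constructed requests. The bucket name example-paid-bucket, the domain example.com and the helper names are assumptions made for illustration.

```ruby
require "json"

# Policy from Step 2; bucket and domain are constructed placeholders.
POLICY = JSON.parse(<<~JSON)
  {
    "Statement": [{
      "Effect": "Allow",
      "Principal": {"AWS": "*"},
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-paid-bucket/*",
      "Condition": {"StringLike": {"aws:Referer": "http://example.com/*"}}
    }]
  }
JSON

OBJECT = "arn:aws:s3:::example-paid-bucket/tst.mov" # constructed object ARN

# IAM StringLike is case-sensitive; "*" matches any run of characters and
# "?" matches exactly one. A key absent from the request never matches.
def string_like?(pattern, value)
  return false if value.nil?
  body = pattern.chars.map do |c|
    c == "*" ? ".*" : (c == "?" ? "." : Regexp.escape(c))
  end.join
  Regexp.new("\\A#{body}\\z", Regexp::MULTILINE).match?(value)
end

# Simplified model: handles only Allow statements whose sole condition is
# StringLike on aws:Referer. No matching Allow means the request is denied.
def allowed?(policy, action:, resource:, referer:)
  policy["Statement"].any? do |st|
    patterns = Array(st.dig("Condition", "StringLike", "aws:Referer"))
    st["Effect"] == "Allow" &&
      Array(st["Action"]).include?(action) &&
      Array(st["Resource"]).any? { |r| string_like?(r, resource) } &&
      (patterns.empty? || patterns.any? { |p| string_like?(p, referer) })
  end
end

# Evaluates an anonymous GetObject for the sample object with this Referer.
def get_allowed?(referer)
  allowed?(POLICY, action: "s3:GetObject", resource: OBJECT, referer: referer)
end

# Constructed requests: direct access (no Referer), then three page origins.
[nil, "http://example.com/episodes/1", "https://example.com/episodes/1",
 "http://www.example.com/episodes/1"].each do |ref|
  puts format("%-38s %s", ref.inspect, get_allowed?(ref) ? "Allow" : "AccessDenied")
end
```

The https:// and www. cases are denied because the pattern is matched literally, so the policy needs one pattern for each scheme and host the site actually uses. The decision rests only on the Referer value the client sends.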
