S3 bucket with protected content of the website

12.05.2020
|
0 Comments
||
|

There is one s3 bucket named content-webners which contains two directories named open (which contains publicly accessible contents) and another is secure (which contain protected HTML based contents)

Below are the credentials for above s3 bucket:

  1. For read-only access
    User: wbsreadonly
    Access key ID: AKIAJ5TPX7FTP5KD94VQ
    Secret access key: qpYo/f67eIJE8r4zNjYNlnarzJPGg1zBqmJgkI/f
  2. For read-write (Full access)
    User: wbscontent
    Password: c4bc1819deb6bfc2d0b096aadb6c5d93
    Access key ID: AKAIWCGN79DJZQONSTYQ
    Secret access key: fc5ksjHDmiSkDhPX3GZhoOtIS4yK9oODNuDrpgZ6

URL and their pointing:

https://opencontents.webners.com (content under this URL are publicly readable)
https://contents.webners.com (content under this URL are protected)

Below is the Bucket policy implemented to protect content in bucket when using s3 URLs

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "content-upload",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::439506861907:user/wbsreadonly",
"arn:aws:iam::439506861907:user/wbscontent"
] },
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::content-webners/*",
"arn:aws:s3:::content-webners"
] },
{
"Sid": "CloudFront-singed-URL",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E217UHE9VK1JL1"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::content-webners/*"
},
{
"Sid": "Stmt1319566860498",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::439506861907:root"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::content-webners/*"
}
] }

s3 bucket 1

Now CloudFront settings implemented for bucket to protect content:

s3 bucket 2
s3 bucket 3
aws

Cache behavior settings to protect HTML content.

aws 1
aws 2

Leave a Reply

Your email address will not be published. Required fields are marked *

Share on:
Share this...
Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin
Website security
Contact Us