- Newest
- Most votes
- Most comments
You can limit access to the file only from your website by adding a condition to your S3 bucket policy which would filter against the referer
header in the request. This would allow you to limit your files being access only by a specific domain or subdomains. See here for a sample policy - https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-4
You can also use signed URLs/cookies to further restrict access based on client and time - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.html
However, you can't really prevent downloads as such. If your users can see your image in their browser, that basically means the image has already been transferred to their device. There are ways to capture and save the image from there (such as developer tools on the browser) regardless of any limitations you try to impose.
Relevant content
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 months ago