Recent AWS Customer Success Stories & Videos

More AWS Customer Success Stories...

« Additional RDS Functionality in the AWS Management Console | Main | This Is A Stick-Up! »


TrackBack URL for this entry:

Listed below are links to weblogs that reference Amazon S3 Bucket Policies - Another Way to Protect Your Content:


Feed You can follow this conversation by subscribing to the comment feed for this post.

Adrian Cole

I think this is exciting news. Great work!

Kin Lane

This is great. I was updating all of our servers to centralize the storage of files on Amazon S3.

Except many of the heavy files our clients upload are accessed through different web servers. Some are public...some are private.

Each client usually has its own machine. I wanted a better way to grant access to various buckets from different Amazon EC2 instances and / or public IP addresses.

Will play around with this more.


In light of todays security announcement from Amazon - 08.22.2011 - Important Security Notification regarding your Amazon S3 bucket setting, for those users who unknowingly have the privileges set incorrectly, like me, can you post a comment about what a bucket should look like in terms of privileges in order to prevent unauthorized access?

My suspicion is that the EVERYONE user set to READ is what is causing the unauthorized access, but all the documentation I've read is not really helpful in what we, as layman users, need to set our privileges at in order to protect ourselves.

Can you assist? Many thanks in advance.

chris collins

+1 for to the question from Maryloutyler. Also if you are using S3 as a static website is there any way to prevent the security issue that has been raised.

Robert Morris

+1 to the question posed by Maryloutyler.


I also received the email from Amazon this morning, but not sure what to do.. Any suggestions?


+1 I agree with the above and the statement by Maryloutyler. I have 150+ videos that I have behind a membership site and need to protect the content from people snooping around looking for freebies.


Hi Jeff, I saw your comment above about having a membership site. I am going to have a commercial video site created soon and am still exploring ideas/ways to implement it. How does yours work? Is AWS the best choice for selling your streaming videos online?


You can add me to the list of folks who have LOTS of videos behind a membership site as well as numerous training videos for my virtual staff. I'm not really clear how to protect these videos.


How should "wrong" look and how should "right" look? The Amazon email elegantly and generally tells me nothing. Your blog post helps a bit, but is not clear. Like others, I can't see what might be wrong or how to fix it. Thank you.


+1 to many of the above. I use my S3 buckets for all my website videos, TV programming, squeeze pages, etc. Since I cannot know who is going to land on a squeeze page for my Internet marketing business arm, it is tough to set specific user or condition or timing policies. People around the world have "business hours" at different times. I'm a lay-person w/o knowledge of coding. Just barely understood the X's and checkmarks to allow permissions.

Pedro Soto

+1 to the above. you have just alerted me to a danger and left me clueless as to how to resolve it, in a way that I can understand and implement.


S3Media Stream is a plugin for WordPress and Joomla that enables playing private streaming videos and audio, whether they are in a membership system or not.
That way, you can set your videos and audios to private, yet play them with the plugin who creates expiring URLs on the fly.
Wordpress version:
Joomla 1.5:

I hope this is useful?

Cary Abramoff

It boggles my mind the s3 servers cannot allow public read buckets to prevent list mode. Why not have the presence of an index.html file for example prevent the default behavior being list. There are many reasons to wish to have a bucket be public read but that does not mean one want to list the contents. Or perhaps having url referrer control the listing.


One way to protect your s3 bucket is to set the folder itself to private, but keep all the files inside as public. Members and customers can access their media while keeping your bucket from getting scraped by tools like this or other users.

The comments to this entry are closed.

Featured Events

The AWS Report

Brought to You By

Jeff Barr (@jeffbarr):

Jinesh Varia (@jinman):

Email Subscription

Enter your email address:

Delivered by FeedBurner

April 2014

Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30