AWS bucket permissions question

Hi - Can anyone share how to provide access to files from a given SSL URL on AWS Amazon Cloud Server (S3)? My bucket permissions work fine on an unsecured connection, but not on SSL. Here's what I've got for permissions:

{
	"Version": "2012-10-17",
	"Id": "http referer policy",
	"Statement": [
		{
			"Sid": "Allow get requests referred by www.example.com and example.com.",
			"Effect": "Allow",
			"Principal": "*",
			"Action": "s3:GetObject",
			"Resource": "arn:aws:s3:::wellsource/*",
			"Condition": {
				"StringLike": {
					"aws:Referer": [
						"http://zzzz.com/*",
						"http://xxxx.com/*",
						"http://www.zzzz.com/*",
						"https://console.aws.amazon.com/*",
						"http://www.xxxx.com/*"
					]
				}
			}
		},
		{
			"Sid": "Explicit deny to ensure requests are allowed only from specific referer.",
			"Effect": "Deny",
			"Principal": "*",
			"Action": [
				"s3:DeleteObject",
				"s3:GetObject"
			],
			"Resource": "arn:aws:s3:::wellsource/*",
			"Condition": {
				"StringNotLike": {
					"aws:Referer": [
						"http://zzzz.com/*",
						"http://xxxx.com/*",
						"http://www.zzzz.com/*",
						"https://console.aws.amazon.com/*",
						"http://www.xxxx.com/*"
					]
				}
			}
		}
	]
}


Thanks,
Steve
Asked by: tablaFreak
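
How the two statements in the question's policy evaluate for a given Referer header, as an added example that is not part of the original post. It models only the `StringLike`/`StringNotLike` conditions on `aws:Referer` and assumes the requested object is under the policy's `Resource`; `make_policy`, `evaluate` and `WITH_HTTPS` are names constructed for illustration.

```python
import re

# Referer patterns exactly as listed in the question's bucket policy.
QUESTION_REFERERS = [
    "http://zzzz.com/*", "http://xxxx.com/*", "http://www.zzzz.com/*",
    "https://console.aws.amazon.com/*", "http://www.xxxx.com/*",
]

def make_policy(referers):
    """The question's two statements, parameterised on the referer list."""
    return {"Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Condition": {"StringLike": {"aws:Referer": referers}}},
        {"Effect": "Deny", "Action": ["s3:DeleteObject", "s3:GetObject"],
         "Condition": {"StringNotLike": {"aws:Referer": referers}}},
    ]}

def string_like(value, pattern):
    """IAM StringLike match: case-sensitive, '*' is any run, '?' is one char."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def condition_holds(condition, context):
    for operator, keys in condition.items():
        for key, patterns in keys.items():
            value = context.get(key)  # None when the header was not sent
            hit = value is not None and any(string_like(value, p) for p in patterns)
            if operator == "StringLike":
                ok = hit          # a missing key never matches
            elif operator == "StringNotLike":
                ok = not hit      # a missing key counts as "not like"
            else:
                raise ValueError(f"operator not modelled: {operator}")
            if not ok:
                return False
    return True

def evaluate(policy, action, context):
    """Anonymous request: explicit deny wins, then allow, else implicit deny."""
    decision = "implicit deny"
    for stmt in policy["Statement"]:
        if action in stmt["Action"] and condition_holds(stmt["Condition"], context):
            if stmt["Effect"] == "Deny":
                return "explicit deny"
            decision = "allow"
    return decision

# Constructed variant: the same list with the https:// form of each site added.
WITH_HTTPS = QUESTION_REFERERS + [r.replace("http://", "https://", 1)
                                  for r in QUESTION_REFERERS if r.startswith("http://")]
```

The Referer header is supplied by the client, so a condition on it limits hotlinking and is not authentication.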

Stuart Scott, AWS Content Lead at Cloud Academy, commented:
Hi,

I've not tried to do this myself, but is your S3 Bucket configured for SSL?

Just found this blog post regarding configuring S3 buckets for SSL connections. It's a little old, but it may help point you in the right direction:
http://stackoverflow.com/questions/11201316/how-to-configure-ssl-for-amazon-s3-bucket

You could also look at using CloudFront to handle this for you too:
https://bryce.fisher-fleig.org/blog/setting-up-ssl-on-aws-cloudfront-and-s3/
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html

Cheers,

Stu...

Shalom Carmel, CTO, commented:
Your bucket is accessible via 3 different methods.

As a subdomain on s3.amazonaws.com
http://mybucketname.s3.amazonaws.com/

As a subfolder in s3.amazonaws.com
http://s3.amazonaws.com/mybucketname/

And finally, only if your bucket has a name that is a valid FQDN in your domain, you can create a CNAME in your DNS pointing this FQDN to S3 like this:

mybucket.mydomain.com  CNAME mybucket.mydomain.com.s3.amazonaws.com

However, you cannot install your own certificate on S3.
So for SSL access you are limited to the first 2 options, BUT only if your bucket has no dots in its name.

If you really want to use SSL like in https://mybucket.mydomain.com then you must place a CDN or a reverse proxy between S3 and your users. CloudFront is an option, but any CDN that supports custom SSL will do the job.