Set Up Amazon S3 Bucket Permissions to Protect Assets

This also works for any other files in your Amazon S3 bucket (such as MP3, PDF, etc.).

If you are using Amazon S3 to host your video files, we recently became aware of a neat trick that lets you allow only your domain name to use the files within your Amazon S3 bucket.

This means that you no longer have to set the permissions on your video files to “public” and can just leave them set to private, and only the domain name you specify will be able to link to, or stream the files within this bucket.

This is great because you no longer have to worry about anyone getting access to your video file link, and sharing it. People would have to actually come to your site to access the files.

Here are the steps to set up an Amazon S3 Bucket Policy:

  1. Log in to your aws.amazon.com account

  2. Go into your S3 Management Console (by clicking on the red S3 link on the left side of the screen after you log in).

  3. Move your mouse over the name of the bucket you need to do this for, right click on it and go to “Properties”

  4. On the right side of the screen, click on “Permissions”

  5. Then click on “Add Bucket Policy”

  6. A new window will come up. Use the policy below, making sure to copy/paste it exactly:

{
    "Version": "2008-10-17",
    "Id": "Policy1408118342443",
    "Statement": [
        {
            "Sid": "Stmt1408118336209",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::BUCKETNAME/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "https://YOUR-SITE-URL.com/*",
                        "https://YOUR-SITE2-URL.com/*"
                    ]
                }
            }
        }
    ]
}
  7. In the policy text, replace the bucket name placeholder (BUCKETNAME above) with your bucket name and the site URL placeholders (YOUR-SITE-URL.com and YOUR-SITE2-URL.com above) with your domain name, making sure you keep the * after the / in both cases. Once you make those changes, paste the entire policy into the bucket policy window. Then press the Enter key once, and you’ll see the grayed-out “Save” button become clickable, and you should be able to save the bucket policy at that time.
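
A pre-save check for the policy above, as an added example (not part of the original article or any AWS tooling): it evaluates the aws:Referer patterns the way StringLike matches them and flags any pattern that lost the "/" before the "*". The bucket name, hostnames and function names are hypothetical, and the evaluation is simplified to this one condition.

```python
import json
import re

# Constructed sample: the article's policy with hypothetical names filled in,
# plus one pattern that drops the "/" before the "*".
POLICY = json.loads("""
{
  "Version": "2008-10-17",
  "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"StringLike": {"aws:Referer": [
      "https://www.example.com/*",
      "https://media.example.com*"
    ]}}
  }]
}
""")

def like(pattern, value):
    """IAM StringLike: '*' = any run of characters, '?' = one, case-sensitive."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.S) is not None

def referer_patterns(policy):
    """Collect every aws:Referer pattern used by an Allow statement."""
    out = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            vals = stmt.get("Condition", {}).get("StringLike", {}).get("aws:Referer", [])
            out += [vals] if isinstance(vals, str) else vals
    return out

def allowed(policy, referer):
    """Would the policy allow a GetObject carrying this Referer (None = absent)?"""
    # A StringLike test on a key missing from the request evaluates to false.
    return referer is not None and any(like(p, referer) for p in referer_patterns(policy))

def loose_patterns(policy):
    """Patterns with a wildcard before the first '/' after the host."""
    strict = re.compile(r"https?://[^/*?]+/.*")
    return [p for p in referer_patterns(policy) if not strict.fullmatch(p)]

if __name__ == "__main__":
    samples = ("https://www.example.com/watch", None, "https://media.example.com.other.example/x")
    for ref in samples:
        print(ref, "->", allowed(POLICY, ref))
    print("loose:", loose_patterns(POLICY))
```

The Referer value is a header the requesting client sends, so this policy limits embedding and hotlinking from other sites rather than authenticating who is asking.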