S3 bucket allows to read the data for the application by setting AllowedOrigins as *. Instead of allowing every origin, how can we restrict the access in s3 bucket for the mobile application?
Asked
Active
Viewed 295 times
0
-
You can create a CorsRule with one or more "AllowedOrigins" https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html#cfn-s3-bucket-cors-corsrule-allowedorigins There is an example https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#aws-properties-s3-bucket--examples that you can use as template. Hope this helps. – suprasad Dec 10 '20 at 15:48
-
@suprasad Thanks for sharing the information. The aforementioned solution helps on how to add more than one origin but my concern is how to provide the access only for the requests that come from the mobile application. In general, we can restrict the web appl access using the urls. For instance,AllowedOrigins: "https://myexample.com". But in mobile application, how can I prevent other domains? – Prasanth M Dec 11 '20 at 03:46
-
https://stackoverflow.com/questions/45566453/amazon-bucket-policy-for-only-mobile-app-access this has a similar scenario Check it out. – suprasad Dec 12 '20 at 14:37
-
Thanks @suprasad , this is really helpful – Prasanth M Dec 14 '20 at 05:24