I have some static files hosted in S3 that I want to use on my website that is hosted through Elastic Beanstalk. Now, I'm trying to understand what would be the most secure permissions to set for my S3 bucket. I need the files to be public/accessible enough to all my website to use the CSS/JS files stored in the bucket, but I don't want it to be accessible for any other reason.
Above is a screenshot of the permission settings available. Should I leave them all unchecked in order to be able to use the CSS/JS files?
CodePudding user response:
First you have to put appropriate bucket policy which limits access to only the few specific objects of yours. You can further limit access to only your website using referrer condition. This is not a bullet proof solution for hot linking, but better then nothing.
Once you do this, you can enable first three options in public access block,. The forth option must be disabled.
But the best way is to use CloudFront with S3 for best results. This allows you to keep your bucket private, and just server your files through CloudFront.