S3 bucket disclosure

Hello Everyone,

The listing method is enabled. An attacker is able to download all the data from the bucket (video transcripts, profile
images, all certificates). Can we make the S3 bucket private?
Please suggest any solution.

Thanks in advance 🙂

If your instance is public, then your static data (course images, videos, …) is public. People are free to download it, so there is no point in restricting it.

I guess your instance is private and you only want your users to access your S3 files. You can use these methods to make it somewhat harder for attackers:

  • CORS.
  • CloudFront function (if you use AWS CloudFront).
  • Make file names unpredictable.

Get Objects permission is enough to retrieve files; you don’t need List Objects. If you want, you can grant List Objects permission to a specific IAM user.

The S3 bucket for course data like student submissions should be private; an access token will be used to retrieve files.

Course static files uploaded in Studio (Content > File & Upload) are not stored in S3.
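The Get Objects / List Objects split described in the reply above, as an added example that is not part of the original thread or of any project's code: it flags bucket-policy statements that let anyone list keys and rewrites the policy so public access keeps only object reads while listing goes to one IAM principal. It assumes listing was granted through the bucket policy; the bucket name, account ID and user ARN are constructed placeholders, and `NotAction`, `NotPrincipal` and `Condition` are not evaluated.

```python
import copy
import json
# Constructed sample: bucket name, account ID and user name are placeholders.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicReadAndList", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
  }]
}""")
WILDCARDS = {"s3:*", "*"}
LIST_ACTIONS = {"s3:listbucket", "s3:listbucketversions", "s3:list*"} | WILDCARDS

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_public(stmt):
    # "*" and {"AWS": "*"} both mean any caller, including anonymous ones.
    p = stmt.get("Principal")
    anyone = p == "*" or (isinstance(p, dict) and "*" in as_list(p.get("AWS", [])))
    return stmt.get("Effect") == "Allow" and anyone

def public_list_statements(policy):
    """Return the Sid (or index) of each statement that lets anyone list keys."""
    hits = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if is_public(stmt) and actions & LIST_ACTIONS:
            hits.append(stmt.get("Sid", i))
    return hits

def harden(policy, bucket, lister_arn):
    """Public statements keep object reads only; one IAM principal may list."""
    out, stmts = copy.deepcopy(policy), []
    for stmt in as_list(out.get("Statement", [])):
        if is_public(stmt):
            actions = as_list(stmt.get("Action", []))
            kept = [a for a in actions if a.lower() not in LIST_ACTIONS]
            if WILDCARDS & {a.lower() for a in actions} and "s3:GetObject" not in kept:
                kept.append("s3:GetObject")  # the wildcard also covered object reads
            if not kept:
                continue  # the statement granted listing only, so drop it
            stmt["Action"], stmt["Resource"] = kept, f"arn:aws:s3:::{bucket}/*"
        stmts.append(stmt)
    out["Statement"] = stmts + [{
        "Sid": "ListForOneUser", "Effect": "Allow", "Principal": {"AWS": lister_arn},
        "Action": "s3:ListBucket", "Resource": f"arn:aws:s3:::{bucket}"}]
    return out
```

`json.dumps(harden(SAMPLE_POLICY, "example-bucket", "<IAM user ARN>"), indent=2)` gives the policy document to review before applying it to the bucket.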
