Tags: video, amazon-web-services, amazon-s3, amazon-cloudfront

Amazon Cloudfront: How to make videos private according to the domain they are being called?


I've tried uploading a video to the Amazon S3 service. I've got CloudFront active too. I've used the free version of CloudBerry S3 Explorer.

I want to set those videos to private, and configure them to be available only when called from a specific domain (I want to embed them in my site). Is that possible?

I've tried again and again, and it seems that the only alternative is to create an expiration date (expiring URLs), which isn't what I need, because I've got people clicking all the time. I just want to prevent them from being played by other sites or hotlinked in any way.

I've read this answer, and this other answer, and this one too. I didn't find the answer though.

I've read about Signed URLs, but they don't seem to fit, as they rely on dates and IP addresses of the user (which may vary quite a lot).

Any idea will be very much appreciated! Thanks for your insight!


Solution

  • CloudFront and S3 allow you to restrict access by HTTP referrer headers; see the "Restricting Access to Specific HTTP Referer" section in the Access Policy Language docs. However, keep in mind that this is very easy to circumvent, as there is no guarantee the requestor isn't just inserting that header themselves to get at your content.

    The signed URL option you mention is probably a better choice here. You do not need to know the IP addresses of all your users in advance, which seems to be your concern here. Instead, the idea is to generate the signed URL at page load time with a short expiry. This way each user who loads the page gets a unique short-lived URL they can access; if they share it, it will eventually expire, limiting your exposure to hot-linking. Since you are generating the URL at page load time, you can also detect the user IP and tie the signature to the IP address, further limiting hot-linking, as anyone the user shares the URL with would need to access it in the window prior to expiry AND request it from the IP address the signature allows.

    Keep in mind though that none of this prevents "authorized" users from downloading the file and just hosting it elsewhere for sharing.

    Finally, depending on your needs, you may want to check out video providers like Ooyala, who can help you with a full end-to-end solution around your video, including access restriction.

    [Disclosure: I work at Ooyala].
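
The approach the answer describes (a signed URL built at page load, with a short expiry and tied to the viewer's IP) as an added example, not code from the answer or from AWS. It builds a CloudFront custom policy and the `Policy`, `Signature` and `Key-Pair-Id` query parameters; the URL, IPv4 address, key ID and the `rsa_signer` callable (which must return an RSA-SHA1 signature made with your CloudFront private key) are assumptions.

```python
import base64
import json
import time
from urllib.parse import parse_qs, urlsplit

# CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'
TO_CF = str.maketrans("+=/", "-_~")
FROM_CF = str.maketrans("-_~", "+=/")

def cf_b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii").translate(TO_CF)

def build_policy(resource_url, client_ip, ttl_seconds, now=None):
    """Custom policy: valid until now+ttl, and only from client_ip (IPv4)."""
    expires = int(time.time() if now is None else now) + ttl_seconds
    statement = {
        "Resource": resource_url,
        "Condition": {
            "DateLessThan": {"AWS:EpochTime": expires},
            "IpAddress": {"AWS:SourceIp": f"{client_ip}/32"},
        },
    }
    # CloudFront expects the policy JSON without whitespace.
    return json.dumps({"Statement": [statement]}, separators=(",", ":"))

def signed_url(resource_url, client_ip, key_pair_id, rsa_signer, ttl_seconds=300, now=None):
    """Call once per page load; rsa_signer(bytes) -> RSA-SHA1 signature bytes."""
    policy = build_policy(resource_url, client_ip, ttl_seconds, now).encode()
    sep = "&" if "?" in resource_url else "?"
    return (f"{resource_url}{sep}Policy={cf_b64(policy)}"
            f"&Signature={cf_b64(rsa_signer(policy))}"
            f"&Key-Pair-Id={key_pair_id}")

def policy_from_url(url):
    """Decode the policy carried in a signed URL, e.g. for logging or review."""
    encoded = parse_qs(urlsplit(url).query)["Policy"][0]
    return json.loads(base64.b64decode(encoded.translate(FROM_CF)))

if __name__ == "__main__":
    # Constructed values; the stand-in signer only lets the demo run offline.
    placeholder_signer = lambda data: b"NOT-A-REAL-SIGNATURE"
    url = signed_url("https://media.example.com/videos/intro.mp4",
                     "203.0.113.7", "KEYPAIRID_PLACEHOLDER", placeholder_signer)
    print(url)
    print(policy_from_url(url))
```

The IP condition only holds if the address your page server sees is the one CloudFront sees; viewers behind changing proxies or mobile carriers may need the `IpAddress` condition dropped and only the short expiry kept.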