When using the S3BotoStorage file storage from Django-storages (DEFAULT_FILE_STORAGE = 'storages.backends.s3boto.S3BotoStorage'), files are created as publicly viewable. How do I make files only visible to users I explicitly give URLs to? I know boto has ways of generating temporarily valid urls.
Set the following in settings.py:
AWS_DEFAULT_ACL = "private"
Then, make sure the following settings are their default values (you can either set them as follows or remove them from your settings.py):
AWS_QUERYSTRING_AUTH = True
AWS_S3_CUSTOM_DOMAIN = None
You should also use the block all public access setting on the bucket.