Implementing an application where S3 images can only be hotlinked by a list of whitelisted domains.
For a simple case, I can create a Referer Policy with a static list of domains such as:
    {
      "Version":"2012-10-17",
      "Id":"http referer policy example",
      "Statement":[
        {
          "Sid":"Allow get requests originating from www.example.com and example.com.",
          "Effect":"Allow",
          "Principal":"*",
          "Action":"s3:GetObject",
          "Resource":"arn:aws:s3:::examplebucket/*",
          "Condition":{
            "StringLike":{"aws:Referer":["http://www.example.com/*","http://example.com/*"]}
          }
        }
      ]
    }
I would like to have this list be dynamically generated from the DB via a scripting language, and then posted to AWS via the API SDK.
This could be done by generating a dynamic JSON string for:
["http://www.example.com/*","http://example.com/*"]
Is this the best way of doing this? I couldn't find any documentation regarding this, but I would imagine there is a limit on the number of string matches in the StringLike condition?
Would it be better to create an individual StringLike entry inside Condition, one for each domain?
I could potentially have 10,000s of domains to whitelist, so I am trying to find the best way of scaling this.
Given the length limitation in S3's policy framework, this solution was not used.
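The length limitation mentioned above can be checked before anything is sent to AWS. The following is an added example, not code from the original post: it builds the question's referer policy from a domain list and measures it against the 20 KB size limit S3 places on bucket policies. The function names, the shortened `Sid` and the sample domains are assumptions made for illustration.

```python
import json
import re

S3_BUCKET_POLICY_MAX_BYTES = 20 * 1024  # S3 bucket policy size limit (20 KB)
# Plain hostnames only: '*' and '?' are StringLike wildcards and would widen the match.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
# Constructed sample data standing in for the database rows.
SAMPLE_DOMAINS = [f"customer{i:05d}.example.com" for i in range(10000)]


def referer_patterns(domains):
    """Normalize, validate and de-duplicate domains into aws:Referer patterns."""
    hosts = sorted({d.strip().lower() for d in domains})
    bad = [h for h in hosts if not HOSTNAME_RE.match(h)]
    if bad:
        raise ValueError(f"refusing non-hostname entries: {bad!r}")
    return [f"http://{h}/*" for h in hosts]


def build_policy(bucket, domains):
    """Return the referer policy from the question as a compact JSON string."""
    policy = {
        "Version": "2012-10-17",
        "Id": "http referer policy example",
        "Statement": [{
            "Sid": "AllowGetFromListedReferers",  # hypothetical short Sid
            "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringLike": {"aws:Referer": referer_patterns(domains)}},
        }],
    }
    return json.dumps(policy, separators=(",", ":"))


def fits_in_bucket_policy(policy_json):
    return len(policy_json.encode("utf-8")) <= S3_BUCKET_POLICY_MAX_BYTES


def max_domains_that_fit(bucket, domains):
    """Binary-search the largest sorted prefix whose policy still fits."""
    ordered = sorted({d.strip().lower() for d in domains})
    lo, hi = 0, len(ordered)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if fits_in_bucket_policy(build_policy(bucket, ordered[:mid])):
            lo = mid
        else:
            hi = mid - 1
    return lo
```

With 25-character hostnames, a few hundred entries fill the policy, far short of the tens of thousands in the question. The `Referer` header is supplied by the client, so a policy like this deters casual hotlinking but does not authenticate the requester.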