I am working on application in which we upload customers' videos, pdfs and other confidential documents on S3 bucket.
Currently, a customer can play these videos in videogular component(Angular component) and PDF files can be read in PDF component.(Angular Component)
My concern is about its security.
I want that customers can play/read only their video/pdf. No one can download/play/read these things.
1.) How can I achieve that?
2.) Which are the things which I have to enable/disable on my S3 bucket. (S3 Bucket policy)
3.) We do not have IAM roles configured. Do we need it?
I have no clue about this... It would be great if some one can guide/provide some useful links.
Thanks in advance.
Finally, I got the answer.
Answer of First Question: What @Cyrus has mentioned in his answer is absolutely correct. Addition to that answer I want to add few more points in it.
as he has rightly mentioned...
when you show the files to your users, the url in the browser must be changed so they cannot see the real path to the file.
which gives me hint about CDN(Content Delivery Network) server.
Finally, we would go for CDN-S3 combination.
It means Client would only exposed to CDN url(s). (Not S3 url(s)) And those would be Pre signed URL (Secure as well as temporary url.)
One can read more about from here: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html
Answer of (2) and (3): as @Cyrus mentioned.