Want To Secure Your Amazon S3 Downloads?

Amazon S3 is a great way to store and distribute files. In particular large media files that could suck your web hosting bandwidth quickly if you uploaded to your own web site. And S3 is very, very affordable.

A question that comes up regularly is when people start storing files exclusively for members on Amazon S3.

You see, in order for others to download a file you uploaded to Amazon S3, you have to make the file accessible to everyone. And everyone means – everyone on the Internet.

In a membership site setting, that may not be what you want. The good part is, Amazon S3 already has a way to allow authenticated downloads. I won’t get too technical here but it basically involves making sure the URL people are clicking through from includes a special ‘key’. This takes a little bit of coding but if you are using WordPress, there’s a wonderful little (and free) plugin that does the job beautifully.

It is the Amazon S3 Expiring URL Generator.

Using the, you can set a certain time the URL’s will be ‘active’ and it will expire after that. Keep in mind this has nothing to do with membership expiry and it doesn’t matter anyway once you understand how it works.

After the plugin is installed, you simply need to use a shortcode to create a link to the download. This link or URL includes the required key string like this:

How your files remain private:

  • If you someone tries to remove the crazy key strings following the file they will receive a nasty error from Amazon.
  • If they try to copy and share that URL, it won’t work for long. Depending how long you set it to last. We don’t normally put it past a few minutes.
  • If a member wants to download again, all they need to do is refresh the page and a new URL will be generated. So… how can that be secure? Because the way people get to the page is if they had a login to your membership site 🙂 now if they share the login – that I can’t help you. This however will work well for the average user and site.

Just don’t forget to remove permission for everyone to download the file. If not, it completely defeats the purpose of expiring URLs.

Do You Want A Hands-Free Business?

Then get this guide to help you systemize your business so you'll have more time working on your business.

!
!

Hey! I want to make sure you know what you're getting here. In addition to the guide, you will also receive our memo that includes special offers, announcements and of course actionable information.

Terms and Conditions checkbox is required.
Send My Guide
Something went wrong. Please check your entries and try again.
Facebook Comments

10 Comments

  1. Staci Jansma on April 7, 2011 at 3:38 pm

    I use AmazonS3 daily – multiple times — so … as always Thank you for the great tip!



  2. Mimi Klosterman on April 8, 2011 at 8:41 am

    I was wondering how to do that with WordPress so thanks for letting us know about that!



    • Lynette on April 8, 2011 at 1:59 pm

      You are most welcome Mimi



  3. Traci on April 8, 2011 at 8:53 am

    That is a great tip! I am trying to get some info products together & put them online but I was unsure that I could do it through Amazon because since I live in NC I can’t be an “Amazon Affiliate” but w/ this new S3 I can sell my own products? Thanks Lynette.



    • Lynette on April 8, 2011 at 2:03 pm

      Amazon S3 has nothing do to with Amazon store or being an affiliate. S3 is more like a file hosting and storage service. So if you use S3 you are a customer. They don’t owe you anything and hence the affiliate program thing doesn’t affect it at all. Well… at least until some *smart* politician decides to put something in place to change the game. As of now, these are two separate issues really.

      Oh and just to be clear you don’t really sell your products via S3 – you sell it yourself via your normal shopping cart or other methods but you can store your product files on S3.



  4. Joe Mudd on April 8, 2011 at 10:47 am

    Hi Lynette – thanks for this information. It seems there’s a plugin for just about everything.

    I hope to someday have the traffic levels that I need S3 to save on bandwidth. I’m OK with what I’ve got right now.

    I’m playing with the idea of using a membership site, and being able to protect files on S3 will be important than.

    Thanks.



    • Lynette on April 8, 2011 at 2:09 pm

      Hey Joe – it seems like it doesn’t it? I think it depends on how creative people are the more we do with WordPress, the more likely someone will want to write a plugin to fit that task.

      Traffic and download bandwidth is of course the main reason most people host their files on Amazon. I don’t claim to be a large site in any sense but for me, hosting on Amazon means I have less to worry about in terms of theft of customer only downloads. Also space on the hosting account. There are many times I ran out of space in our account – video files especially are a space hogger and I love creating instructional videos.

      Thanks for chiming in by the way! Hope to see you around more.



  5. peter on April 21, 2011 at 11:09 am

    Nice writeup, thanks for your contribution!



  6. Dave Lindberg on July 7, 2011 at 12:56 pm

    If I am not using WordPress, does anyone have a a way to do this on a static HTML site?



    • Lynette on July 7, 2011 at 2:33 pm

      No 🙁 in order to generate those keys on the fly you need some kind of server-side code and plain old static HTML is just not capable of that. Unless of course you’re willing to convert it to PHP or some other dynamic language page. Let me see what I can whip up for you static page guys and gals. Stay tuned to the blog or get in on our newsletter so you’ll get notified.