Amazon S3 hotlink prevention with Bucket Policies

By | March 25, 2011

I have recently started experimenting with Amazon S3 to host the static content of my blog, like CSS, images, etc. Good news is that Amazon Web Services is giving one year of free usage for new S3 accounts (5 GB of Amazon S3 standard storage, 20,000 Get Requests, and 2,000 Put Requests). You will easily run out of the GET request limit even if your blog has just hundred visitors a day. My blog is consuming around 3 lakh GET requests per month, but these are really cheap, only a cent for 10k requests. My S3 bill is coming around Rs.20, which is negligible.

Though the GET requests are cheap, it will add up if somebody is hotlinking to them and if the hotlinked files are videos, software, or other stuff  of few MBs, then you will surely run out of free data transfer limit too. Amazon provides support for conditional rules to access the buckets via Bucket Policies. We can use this to prevent hotlinking. We can allow or deny access based on request attributes, such as HTTP referrer and IP address.

Get the free version of S3 Browser. Login using your Access Key and Secure Access Key. Change the ACL permission of folder and all its content to private (accessible to owner only). Right click on the bucket you are using for hosting content and choose “Edit Bucket Policies.” It will popup “Bucket Policies Editor.”

Paste this and edit aws:Referer section with the domain name(s) you want to limit the bucket to.

"Version": "2008-10-17",
"Id": "httprefererpolicyexample",
"Statement": [
"Sid": ",",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::imgbox/*",
"Condition": {
"StringLike": {
"aws:Referer": [

Your images only show up on your domain and show 404 error if image is directly called or hotlinked.

2 thoughts on “Amazon S3 hotlink prevention with Bucket Policies

  1. Sachin

    Hi Naveen,
    I am fighting with MS Excel 2007 for last one year. It takes hell lot of time to open any document. I searched for google, i found lot of remedial measures which dosent wok for me. I am a civil engineer and I dont know deep in computers. Can you please help me to get out of it?

    1. Naveen Post author

      I know few things, but I do not know if they work for you or not, just do it and see.

      1. Uninstall applications you do not use.
      2. Then run a free registry cleaner and delete all the unused registry keys.
      3. Restart the system and run Disk De-fragmentation.


Leave a Reply

Your email address will not be published. Required fields are marked *