Welcome to Video number seven prevent unauthorized access. In this particular video, we are going to discuss how to protect your Amazon bucket so that other people cannot share the links to their friends and to other sites. And thereby what happens is you end up paying for people pirating your links. We have seen other people forget this crucial step and end up paying a lot of money in Amazon s3 costs. Now of course while the costs are low, you're still paying for other people hot linking to you. So I'm going to teach you a specific way of developing an Amazon access policy that tells that bucket And says to it, unless somebody comes from a specific site, which is your site, deny them access.
So let me go ahead and do that now. So to create a bucket policy, all you have to do is locate your bucket. So in this case, it's going to be test domain DL, when a right click and click on bucket policy. Now, this is going to kind of look like code and it's going to look complex and overwhelming. And that's a fact it is true, but since most of you are newbies, I'm going to show you how to create a bucket policy by getting a swipe file from cloudberry. Now in this case, I'm going to go back to cloudberry.
So I recommend that you go to cloudberry lab.com. They're always coming out with the latest greatest updates, and that's really why I like cloudberry. But if you go to their blog, and you look for their search here, and you type in Amazon s3 Hot linking. So Amazon s3 h o t linking, you go here and you do a search, they'll actually give you the hot linking scripts. So click here. And I'm going to show you how to customize the script in a minute.
So you don't need to know programming or anything like that. You don't have to read any of this. In fact, if you read this, it might be overwhelming. So just follow me along, you're going to scroll down and you're going to find this script right here. So we're going to highlight everything in blue. So from here, all the way up here.
So we're going to highlight that you're going to click copy, and then we're going to transfer it over here. Now before we do that, I want to put this in Microsoft Word, and we're going to make the size bigger and we're going to customize the script. I'm going to show you how Then we'll copy that finalized code over to the cloudberry system. So I'm going to go ahead and copy it here. We're going to make it big enough so that you can see it. Where it says my bucket, you can leave the slash, but you're going to replace my bucket with the bucket name.
So in this case, my bucket name is test domain, DL. That's all you have to do. And we say allow GET requests referred by blah. So all this is right here is it's a note to you to tell you that you're going to allow requests referred by a specific domain. So you're going to put that your domain.com and then next where it says AWS refer. What this means is that in this case, cloudberry.com.
So you're telling the system Whatever files I upload into this bucket only, and only if somebody comes from cloudberry.com. Or if they click on a downloadable file that is hosted, let's say, for example, on a WordPress site on cloudberry lab comm then it'll work. So in other words, if somebody tries to steal your download page or your download links, or they try to share it with somebody else, it's not going to work. Or they're going to use a download manager. It's not going to work. So basically, you're going to enter your domain.com here.
Now, it's going to show you other sites here. But what I recommend that you do is you do, it says HTTPS. So unless you have a secure SSL certificate, you don't need the HTTPS. But if you want to make it so that in the future, if you add it in the future, then you can leave it as it so you could put your domain.com, whatever that is just replace this one here. So this one here is the regular HTTP without the www, so you could put your domain.com. So just a different variation of it.
And then of course, you don't need this. Now, the comma is only here if you want to add new domains. So in other words, if you wanted to add, let's say, your domain dotnet. And then you want to add an additional one, you got to put a comma in between. Now, you just saw how it tried to underline it, right. So that's why we try to use Notepad.
I wanted to use Microsoft Word because I wanted to show you how to do this. And then you put apostrophe and another apostrophe, and then you put whatever you need to put inside. So basically, you're saying, anytime this domain, this domain, this domain, or this domain, traffic comes from that, or the download pages located on that, it will work. If it's not, it will not work. So that's basically all it means. So now what you need to do is copy this.
I'm not going to save, I'm actually going to copy it into notepad because I want to remove any type of formatting. And this is where I normally edit as well. I normally do it in here. But once you're done with that, all you have to do is copy this into the policy script. So we can actually delete anything that's in here. And then we're going to paste that in here.
We're going to click Apply And of course it says policy contains invalid domain. So I added real live domains and it works. So now I got to click OK. And that's it. And like I said, the newbie way if you ever forget or you don't have access to cloudberry whenever you're watching this video, simply go to google.com look for an s3 bucket policy. Make sure the word hot linking isn't it. And you'll find a lot of ones here.
And all you do is customize it and you're good to go.