Hi samueldv6,
Apologies I have been going back and forth with Amazon about this and they keep giving me a solution which resolves the pipeline is and starts the job with the policy attached but it then doesn’t secure the link I will chase the up today, here was the code that they said worked but after testing it didn’t work for me , perhaps you could test and let me know if it works for you.
{
"Version": "2008-10-17",
"Id": "S3BubbleSecurity",
"Statement": [{
"Sid": "S3BubbleAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<bucketname>/*",
"Condition": {
"StringLike": {
"aws:Referer": [
"https://s3bubble.com/*",
"https://media.s3bubble.com/*"
]
}
}
}, {
"Sid": "S3BubbleDeny",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<bucketname>/*",
"Condition": {
"ForAnyValue:StringNotLike": {
"aws:userid": [
"arn:aws:iam::<!-- role arn -->:role/S3Bubble_Elastic_Transcoder_Default_Role"
],
"aws:referer": [
"https://s3bubble.com/*",
"https://media.s3bubble.com/*"
]
}
}
}]
}
Best Regards
Sam