Les Hill github twitter facebook linked in archives
Using S3 Authenticated-Read With Paperclip
Posted January 01, 2009

Paperclip supports AWS S3 with a default of public-read access policy. This allows anyone who knows the URL of the resource to access it.

For some applications, you might want a more restricted access policy. The authenticated-read access policy requires that the URL of the resource be presented by an authenticated user.

To use authenticated-read with Paperclip:

  • set the :s3_permissions option on your attachment:
1 :s3_permssions => 'authenticated-read'
  • use RightAws::S3Interface#get_link to generate an authenticated-read URL for the attachment:
1 def s3_url(style = nil, time_limit = 15.minutes)
2   attachment.s3.interface.get_link(attachment.s3_bucket.to_s, attachment.path(style), time_limit)
3 end

If you do not normally need to time limit the access, use nil as the default value for time_limit

blog comments powered by Disqus

Les Hill
Software adventurer @ Hashrocket
les (at) hashrocket (dot) com

Subscribe to RSS Feed

Thanks to Tom Preston-Werner for the CSS layout, Webby for the blog renderer, and GitHub Pages for the blog hosting.

Les Hill © 2008–2010