Paperclip supports AWS S3 with a default of public-read access policy. This allows anyone who knows the URL of the resource to access it.
For some applications, you might want a more restricted access policy. The authenticated-read access policy requires that the URL of the resource be presented by an authenticated user.
To use authenticated-read with Paperclip:
:s3_permissionsoption on your attachment:
1:s3_permssions => 'authenticated-read'
RightAws::S3Interface#get_linkto generate an authenticated-read URL for the attachment:
If you do not normally need to time limit the access, use
nil as the default value for