Henry,
Ideally you’ve already authenticated your users and can simply leverage that existing authenticated identity to secure access to the files. That would let you ensure that only the authenticated user has access to the object(s) (your video files).
For temporary access to an object, S3 natively provides a method to create a temporary URL. The process per request is pretty simple:
- An authorized user/object with access to the video file (like your application) uses the SDK to create a temporary URL
- That URL encodes all the required information for access and has a set expiry date
- You pass the temporary URL to the user
The risk here is that anyone with the temporary URL can access the file for the duration that URL is valid. Generally the risk is minimal but you’ll have to evaluate against your user case.
Hope that helps!
