Guide to: Hosting Secure Images and Data

Important Note: As part of our ongoing integration with Appen branding, we have updated key web properties to the Appen domain. This change took place on April 16, 2020, so please keep in mind that referrer headers and bucket policies will need to be updated accordingly. Please see below for new Appen URLs.

Here are the best practices and key S3 features for keeping data secure:

• HTTP Referrer headers:

1. Are pieces of code that create a security policy and only allow certain users the ability to access a domain. For example, you can set restrictions to only allow people from an ‘appen.com’ domain to see the content in a bucket.
2. Here are the HTTP referrer headers for Appen:
   • Note: Please make sure to include the forward slash and the asterisk when you are whitelisting the URLs
   • https://view.appen.io/*
   • https://annotate.appen.com/*
   • https://client.appen.com/*
   • https://ia.appen.com/* 
   • https://imagine.appen.com/*
   • https://annotation.appen.com/*
     
     • Note: Please make sure to include the forward slash and the asterisk when you are whitelisting the URLs
3. To enable:
   1. Go to Permissions > Bucket Policy 
   2. Paste in the following policy: 

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Sid": "AllowReadFromF8Apps",
                  "Effect": "Allow",
                  "Principal": {
                      "AWS": "*"
                  },
                  "Action": "s3:GetObject",
                  "Resource": "arn:aws:s3:::<yours3bucket>/<yours3folder>/*",
                  "Condition": {
                      "StringLike": {
                          "aws:Referer": [
                              "https://client.appen.com/*",
                              "https://annotate.appen.com/*",
                              "https://view.appen.io/*",
                              "https://imagine.appen.com/*",
                              "https://annotation.appen.com/*",
                              "https://ia.appen.com/*"
                           ]
                      }
                  }
              }
          ]
      }

   3. Add following code with specific referrer headers you’d like to accept:
   4. "Condition": {

                                     "StringLike": {

                                     "aws:Referer": [

                                                 "http://test.com/*",

                                                 "http://www.test.com/*"

• Keep the login credentials secure via password protected policy (ex. LastPass)

• Enable expiring images and Data:

• Go to “Management”
1. Add lifecycle rule:
2. Enter a Rule Name:
3. Select the current version:
4. In the current version, set expiration after x days:
5. Review, Save: