How to: Secure uploaded file in S3 and make it only accessible by supplying secret token? - carrierwaveuploader/carrierwave GitHub Wiki

Just put 2 additional methods like so:

class ExampleUploader < CarrierWave::Uploader::Base

  # the rest of uploader

  def fog_public
    false
  end

  def fog_authenticated_url_expiration
    1.minutes # in seconds from now,  (default is 10.minutes)
  end

end

Example of signed-URL:

https://bucket-example.s3.amazonaws.com/uploads/user/image/1/image.jpeg?X-Amz-Expires=60&X-Amz-Date=20160914T044238Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJTIEVPQZEXU26EJA/20160914/us-east-1/s3/aws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=53daea895d9b40d5821011ee0e4c776c0ab96bdce5f14d078716f40a2e723244

Reference