S3 bucket policy to restrict access by referer.

aws-policy-s3_referer.json

{
	"Id": "Restrict access to S3 keys by HTTP referer header",
	"Statement": [
		{
			"Sid": "S3 Referer Header Check",
			"Effect": "Allow",
			"Principal": {
				"AWS": "*"
			},
			"Action": "s3:GetObject",
			"Resource": "arn:aws:s3:::static.hx.io/*",
			"Condition": {
				"StringLike": {
					"aws:Referer": "http://hx.io/*",
					"aws:Referer": "https://hx.io/*"
				}
			}
		}
	]
}