How to secure file access using Carrierwave + S3 hosted on Heroku

My site is hosted on Heroku and I am using Carrierwave to upload files
to Amazon.

How can i restrict file access based on roles? Is this possible?
Using Devise and CanCan.

Yes, it is possible. You need to look into query string request
authentication in the amazon s3 docs. It has been pretty much created
for
this use case.