Amazon S3安全存储桶

Question

Sorry if this is the incorrect place to ask.

Is they a way to secure a AWS S3 bucket so direct access to the files is denied but signed access is allowed?

I am new to all this, I have looked at Policies and Permissions but nothing seems to work.

Thanks in advance.

Answer 1

Follow this steps for Amazon S3 secure bucket:

1. Give only full permission to owner only for all the objects in that bucket. You can try any third party tool like bucket Explorer to set ACL on all the objects exist in Amazon S3 Bucket .
2. Just make sure that there is no policy set on that Bucket as Bucket policy has higher priority then ACL.
3. Generate there signed url and provide the users, if you want that user can access your files.

[Disclosure : Bucket Explorer]

Answer 2

You will need to change the ACLs for all the objects in the bucket and remove access for the Everyone user. You will also need to make sure that you don't have a bucket policy that overrides those ACLs and allows public access to your files.

These links should help:

http://docs.aws.amazon.com/AmazonS3/latest/UG/EditingPermissionsonanObject.html http://docs.aws.amazon.com/AmazonS3/latest/UG/EditingBucketPermissions.html http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucketPolicies.html

For the bucket policy, you need to look for any statements that give anonymous access to your objects and change those. These will contain a "Principal": { "AWS": "*" } in the policy.

Answer 3

FYI: S3 buckets are secure by default. You can open them up by:

1) setting the ACL on the bucket to "public read"

2) setting a policy for "everyone" via Principal: {AWS: * }

3) Uploading an object with ACL of "public read"

3) setting the ACL on an object to "public read" after upload