[英]Amazon S3 secure bucket
Sorry if this is the incorrect place to ask. 抱歉,这是不正确的地方。
Is they a way to secure a AWS S3 bucket so direct access to the files is denied but signed access is allowed? 它们是否可以保护AWS S3存储桶的安全性,从而拒绝对文件的直接访问,但允许签名访问?
I am new to all this, I have looked at Policies and Permissions but nothing seems to work. 对于这一切,我还是陌生的,我研究过“策略和权限”,但似乎没有任何效果。
Thanks in advance. 提前致谢。
Follow this steps for Amazon S3 secure bucket: 对Amazon S3安全存储桶执行以下步骤:
[Disclosure : Bucket Explorer] [披露: 存储桶资源管理器]
You will need to change the ACLs for all the objects in the bucket and remove access for the Everyone
user. 您将需要更改存储桶中所有对象的ACL,并删除对
Everyone
用户的访问权限。 You will also need to make sure that you don't have a bucket policy that overrides those ACLs and allows public access to your files. 您还需要确保您没有存储桶策略来覆盖这些ACL并允许公众访问您的文件。
These links should help: 这些链接应有助于:
http://docs.aws.amazon.com/AmazonS3/latest/UG/EditingPermissionsonanObject.html http://docs.aws.amazon.com/AmazonS3/latest/UG/EditingBucketPermissions.html http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucketPolicies.html http://docs.aws.amazon.com/AmazonS3/latest/UG/EditingPermissionsonanObject.html http://docs.aws.amazon.com/AmazonS3/latest/UG/EditingBucketPermissions.html http://docs.aws。 amazon.com/AmazonS3/latest/dev/UsingBucketPolicies.html
For the bucket policy, you need to look for any statements that give anonymous access to your objects and change those. 对于存储桶策略,您需要查找任何可以匿名访问对象的语句并进行更改。 These will contain a
"Principal": { "AWS": "*" }
in the policy. 这些策略中将包含
"Principal": { "AWS": "*" }
。
FYI: S3 buckets are secure by default. 仅供参考:默认情况下,S3存储桶是安全的。 You can open them up by:
您可以通过以下方式打开它们:
1) setting the ACL on the bucket to "public read" 1)将存储桶上的ACL设置为“公开读取”
2) setting a policy for "everyone" via Principal: {AWS: * }
2)通过
Principal: {AWS: * }
为“所有人”设置策略
3) Uploading an object with ACL of "public read" 3)上传ACL为“公开读取”的对象
3) setting the ACL on an object to "public read" after upload 3)上传后将对象的ACL设置为“公共读取”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.