[英]Amazon S3 + CloudFront query for specific version of stored file
I've created a new S3 Bucket with versioning enabled feature and turned on “Forward query strings” on my cloudfront distro. 我创建了一个新的S3 Bucket,启用了版本控制功能,并在我的cloudfront发行版上打开了“转发查询字符串”。
I know that you can access different object versions by sending the versionId as a query-string. 我知道您可以通过将versionId作为查询字符串发送来访问不同的对象版本。
How does this work with cloudfront and signed urls? 这如何与云端和签名网址一起使用?
If I want to return a specific version of a file, do I have to sign the url with the query-string attached, like: 如果我想返回文件的特定版本,是否必须使用附加的查询字符串对URL进行签名,例如:
http://example.cloudfront.net/files/file.pdf?verisonId=[id] http://example.cloudfront.net/files/file.pdf?verisonId=[id]
Well, I tried signing the url together with the versionId - it didn't work. 好吧,我尝试与versionId一起签署网址 - 它没有用。 Signing the url only, and then appending the versionId later gave an access denied response.
仅对URL进行签名,然后附加versionId会给出拒绝访问的响应。
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>89F25EB47DDA64D5</RequestId>
<HostId>Z2xAduhEswbdBqTB/cgCggm/jVG24dPZjy1GScs9ak0w95rF4I0SnDnJrUKHHQC</HostId>
</Error>
Any help will be much appreciated. 任何帮助都感激不尽。
You need to either set the proper ACL to allow your CloudFront canonical ID to access versioned objects or you need to set a bucket policy that allows the action "s3:GetObjectVersion" . 您需要设置正确的ACL以允许CloudFront规范ID访问版本化对象,或者您需要设置允许操作“s3:GetObjectVersion”的存储桶策略 。 You probably only have GetObject which allows you to retrieve normal objects through CloudFront but not ?versionId=<> objects.
您可能只有GetObject,它允许您通过CloudFront检索普通对象,但不能检索?versionId = <>对象。
Add a bucket policy similar to: 添加类似于的存储桶策略:
{
"Version":"2012-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [{
"Action": ["s3:GetObject", "s3:GetObjectVersion" ],
"Effect": "Allow",
"Principal":{"CanonicalUser":"<CLOUDFRONT CANONICAL ID>"},
"Resource": "<BUCKET RESOURCE IDENTIFIER>",
"Sid": "Grant a CloudFront Origin Identity access to support private content and versioned content."
}]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.