[英]AWS S3 Bucket Accessible from my ElasticBeanStalk Instance only
I have 1 s3 bucket, 1 elasticbeanstalk instance.我有 1 个 s3 存储桶,1 个 elasticbeanstalk 实例。 Currenly my s3bucket is made public hence its accessible from any domain, even from my localhost.目前我的 s3bucket 是公开的,因此它可以从任何域访问,甚至从我的本地主机。 I want that all my s3 bucket resources should be accessible from my EBS instance only where my APP is hosted/running.我希望我的所有 s3 存储桶资源只能在我的 APP 托管/运行的地方从我的 EBS 实例访问。 My app should be able to view these resources and upload new images/resources to this bucket .我的应用程序应该能够查看这些资源并将新图像/资源上传到此存储桶。 I am sure somebody myt have done this.我敢肯定有人已经这样做了。
Controlling access to S3 has several ways.控制对 S3 的访问有多种方式。 The best practice to make something privately accessible is: not to give any rights to access your S3 buckets/files in the bucket policy.使某些内容可私有访问的最佳做法是:不要在存储桶策略中授予任何访问 S3 存储桶/文件的权限。
However you should create an IAM role which has either a full access to S3, or limited access to some actions, some buckets.但是,您应该创建一个 IAM 角色,该角色具有对 S3 的完全访问权限,或对某些操作、某些存储桶的有限访问权限。
For every EC2 instances and also to every Elastic Beanstalk environments, you can attache an IAM Role.对于每个 EC2 实例以及每个 Elastic Beanstalk 环境,您都可以附加一个 IAM 角色。 This role will be automatically served to your instances via instance metadata.此角色将通过实例元数据自动提供给您的实例。 This is a safe way to give special rights to your instances.这是为您的实例赋予特殊权限的安全方式。
(Note: This is an AWS security best practice, since AWS will deal with the key rotations on your EC2 boxes.) (注意:这是 AWS 安全最佳实践,因为 AWS 将处理您的 EC2 设备上的密钥轮换。)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.