Amazon S3 permissions

Trying to understand S3... How do you limit access to a file you upload to S3? For example, from a web application, each user has files they can upload, but how do you limit access so only that user has access to that file? It seems like the query string authentication requires an expiration date and that won't work for me; is there another way to do this?

There are various ways to control access to the S3 objects:

  1. Use the query string auth - but as you noted this does require an expiration date. You could make it far in the future, which has been good enough for most things I have done.

  2. Use the S3 ACLs - but this requires the user to have an AWS account and authenticate with AWS to access the S3 object. This is probably not what you are looking for.

  3. You proxy the access to the S3 object through your application, which implements your access control logic. This will bring all the bandwidth through your box.

  4. You can set up an EC2 instance with your proxy logic - this keeps the bandwidth closer to S3 and can reduce latency in certain situations. The difference between this and #3 could be minimal, but depends on your particular situation.

  1. Have the user hit your server
  2. Have the server set up a query-string authentication with a short expiration (minutes, hours?)
  3. Have your server redirect to #2
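The redirect flow above (and option 1 in the earlier answer) in working code, as an added example that is not part of any answer on this page: a SigV4 presigned GET URL (the current form of S3 query-string authentication), a hypothetical `verify_presigned` that stands in for the check S3 itself performs when the URL is fetched, and an application-side `download_url` that only presigns keys under the requesting user's own prefix. The bucket name, region, credentials, the `uploads/<user>/` key layout and the 300-second expiry are all assumptions made for the example; nothing here talks to AWS.

```python
import calendar
import hashlib
import hmac
import posixpath
import time
import urllib.parse

# Constructed, non-functional values for the example (assumptions, not real infrastructure).
BUCKET = "mybucket"
REGION = "us-east-1"
CREDS = {"access_key": "AKIDEXAMPLE",
         "secret_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}
MAX_EXPIRES = 7 * 24 * 3600  # S3 rejects presigned URLs valid for more than seven days


def _q(s: str) -> str:
    """URI-encode a query key or value the way SigV4 canonicalisation requires."""
    return urllib.parse.quote(s, safe="-_.~")


def _signing_key(secret_key: str, datestamp: str, region: str) -> bytes:
    """Derive the per-day, per-region SigV4 signing key from the long-term secret."""
    key = ("AWS4" + secret_key).encode()
    for part in (datestamp, region, "s3", "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return key


def _signature(host, canonical_uri, params, secret_key, datestamp, region) -> str:
    """Compute the SigV4 signature of a GET over the given (unsigned) query parameters."""
    canonical_query = "&".join(f"{_q(k)}={_q(v)}" for k, v in sorted(params.items()))
    canonical_request = "\n".join([
        "GET", canonical_uri, canonical_query,
        f"host:{host}\n",        # canonical headers block, terminated by a newline
        "host",                  # signed headers
        "UNSIGNED-PAYLOAD",      # presigned URLs do not commit to a body hash
    ])
    scope = f"{datestamp}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", params["X-Amz-Date"], scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    return hmac.new(_signing_key(secret_key, datestamp, region),
                    string_to_sign.encode(), hashlib.sha256).hexdigest()


def presign_get(bucket, key, access_key, secret_key, region, expires_in, now=None) -> str:
    """Build a SigV4 presigned GET URL valid for expires_in seconds from now (epoch seconds)."""
    if not 1 <= expires_in <= MAX_EXPIRES:
        raise ValueError("expires_in must be between 1 second and 7 days")
    now = int(time.time()) if now is None else int(now)
    amz_date = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime(now))
    datestamp = amz_date[:8]
    host = f"{bucket}.s3.{region}.amazonaws.com"      # virtual-hosted style endpoint
    canonical_uri = "/" + urllib.parse.quote(key, safe="/-_.~")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{datestamp}/{region}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires_in),
        "X-Amz-SignedHeaders": "host",
    }
    sig = _signature(host, canonical_uri, params, secret_key, datestamp, region)
    query = "&".join(f"{_q(k)}={_q(v)}" for k, v in sorted(params.items()))
    return f"https://{host}{canonical_uri}?{query}&X-Amz-Signature={sig}"


def verify_presigned(url: str, secret_key: str, now: int) -> bool:
    """Hypothetical stand-in for S3's check: signature matches and the URL has not expired."""
    parts = urllib.parse.urlsplit(url)
    params = dict(urllib.parse.parse_qsl(parts.query, keep_blank_values=True))
    presented = params.pop("X-Amz-Signature", "")
    try:
        _, datestamp, region, service, term = params["X-Amz-Credential"].split("/")
        issued = calendar.timegm(time.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ"))
        expires_in = int(params["X-Amz-Expires"])
    except (KeyError, ValueError):
        return False
    if service != "s3" or term != "aws4_request" or not 1 <= expires_in <= MAX_EXPIRES:
        return False
    if now < issued or now > issued + expires_in:
        return False
    # Every query parameter is covered by the signature, so editing X-Amz-Expires fails here.
    expected = _signature(parts.hostname, parts.path, params, secret_key, datestamp, region)
    return hmac.compare_digest(expected, presented)


def download_url(user_id: str, key: str, now=None) -> str:
    """Application-side access control: a user may only fetch objects under their own prefix."""
    prefix = f"uploads/{user_id}/"
    # Reject un-normalised keys so "uploads/alice/../bob/x" cannot pass the prefix test.
    if posixpath.normpath(key) != key or not key.startswith(prefix):
        raise PermissionError(f"user {user_id!r} may not read {key!r}")
    return presign_get(BUCKET, key, CREDS["access_key"], CREDS["secret_key"],
                       REGION, expires_in=300, now=now)
```

The short expiry is what makes the redirect pattern safe: the URL is a bearer token, and anyone who obtains it can read the object until `X-Amz-Expires` runs out, so a far-future expiry cannot be revoked short of rotating the credentials that signed it. The recipient cannot extend the window themselves because the expiry is inside the signed query string. In real code `boto3`'s `generate_presigned_url` produces the same kind of URL; the hand-rolled signer here exists only so the mechanism is visible.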

You have to build the whole access logic for S3 in your application.

I've been dealing with this, too. Don, who wrote the S3 PHP class I'm using, pointed out you can use dirs inside buckets. So you can put your file in a dir with a random string and then redirect to that: mybucket.amazon.net/wef49kfe4j409jf4f4f9jdfd/myfile.zip. While not at all secure, you can control access to it by changing permissions or creating and deleting it (keep the original securely in a different bucket) as necessary.
