堆栈内存溢出
  简体   繁体   English

将S3存储桶网站仅限于某些AWS账户

[英]Restrict S3 bucket website to certain AWS accounts only

 原文  2018-12-08 17:54:52       amazon-web-services/ amazon-s3/ aws-sdk/ amazon-cloudfront/ amazon-iam

问题描述

I am looking to host a private website(html,js,css) in an S3 bucket and i want this website to be accessible only by aws accounts specified by me. 我希望在S3存储桶中托管一个私有网站(html,js,css),并且我希望该网站只能由我指定的aws帐户访问。

I read the question here - Restrict access to website hosted on S3 . 我在这里阅读了问题- 限制访问S3上托管的网站

The accepted answer says i can restrict access to a particular aws account. 接受的答案说我可以限制对特定aws帐户的访问。 But another answer says i cannot restrict by account. 但是另一个答案说我不能受帐户限制。

the main objective here is to give the url from the static website provided by amazon to give access to certain aws accounts. 这里的主要目的是提供由Amazon提供的静态网站的url,以访问某些AWS帐户。 Only authenticated aws accounts can access the site. 只有经过身份验证的AWS帐户才能访问该网站。

What i found on research shows that an S3 with website hosting enabled cannot have such restrictions and needs to be public. 我在研究中发现,启用了网站托管的S3不能有这种限制,需要公开。 Just wanted to know if there any workarounds. 只是想知道是否有任何解决方法。

I did look into serving with cloudfront signed urls but i cannot seem to authorise only certain aws accounts access. 我确实考虑过使用Cloudfront签名的URL进行服务,但似乎无法仅授权某些AWS帐户访问权限。 But this could be because i havent understood the concept completely. 但这可能是因为我还没有完全理解这个概念。 Or perhaps aws Cognito. 也许是Aogni Cognito。

1 个解决方案

解决方案1
 0  2018-12-09 01:58:18

Making a private website hosting is clearly documented here, 此处明确记录了进行私人网站托管的情况,

https://medium.com/@pvinchon/private-static-website-hosting-on-aws-s3-54664725b9e7 https://medium.com/@pvinchon/private-static-website-hosting-on-aws-s3-54664725b9e7

Once you have the website, enable the policy as below, 建立网站后,启用以下政策, 

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Sid": "Example permissions",
         "Effect": "Allow",
         "Principal": {
            "AWS": "arn:aws:iam::AccountB-ID:root"
         },
         "Action": [
            "s3:GetBucketLocation",
            "s3:ListBucket"
         ],
         "Resource": [
            "arn:aws:s3:::examplebucket"
         ]
      }
   ]
}

Hope it helps. 希望能帮助到你。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 限制用户仅列出存储桶中的某些文件夹的 AWS S3 策略 - AWS S3 Policy to Restrict User to List Only Certain Folders in a Bucket 如何将 AWS S3 存储桶的访问权限限制为特定角色? - How to restrict access to an AWS S3 bucket only to a specific role? 将AWS S3存储桶限制为仅针对/ GET请求的某些实例 - Restricting AWS S3 bucket to only certain instances for /GET requests 限制对AWS上S3存储桶的访问 - Restrict Access to S3 bucket on AWS AWS S3 存储桶限制访问 - AWS S3 bucket restrict accss AWS S3和CloudFront限制存储桶访问 - AWS S3 and CloudFront Restrict Bucket Access 非 AWS 账户的 AWS S3 每个存储桶权限 - AWS S3 Per Bucket Permission for non-AWS accounts 阻止某个 aws s3 Bucket 请求 - Block a certain aws s3 Bucket request 如何通过某些文件类型限制 S3 文件上传到存储桶? - How to restrict S3 file upload to a bucket by certain file type? AWS S3-如何将IAM用户限制为一个存储桶? - AWS S3 - How to restrict an IAM user to just a single bucket?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM