[英]I want to block public access to my S3 bucket, but give read only access to its object
I have created an S3 bucket for my organization, where I am hosting a static webpage. 我为托管静态网页的组织创建了一个S3存储桶。 I want to give read-only public access to it, but deny public access overall.
我想授予其只读公共访问权限,但总体上拒绝公共访问。
I tried adding bucket policy which provides read access and blocking the public access feature under Permissions -> Block Public access section. 我尝试在“权限”->“阻止公共访问”部分下添加提供读取访问并阻止公共访问功能的存储桶策略。 But it is giving me Access Denied in all the scenarios.
但这使我在所有情况下都被拒绝访问。
Disable the public access but set the s3 bucket 'allow' permission with read only action to the objects from the outside: 禁用公共访问,但是通过对外部对象的只读操作来设置s3存储桶的“允许”权限:
"Action":["s3:GetObject"]
{
"Version": "2008-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "eact resource information"
}
]
}
This is what my S3 Url is taking me to: 这就是我的S3 Url带我去的地方:
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7B5968B84E5DB018</RequestId><HostId>ehRR5C0zoZU0QO0e9SdetVsa/6TrO/kIRwynpSl+L4zFiP1I6yFwtHsembeQjnP/ozdeOgRBrdg=</HostId></Error>
To grant public access to all objects in the bucket, use this Bucket Policy: 要授予对存储桶中所有对象的公共访问权限,请使用以下存储桶策略:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"PublicPermission",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::my-bucket/*"]
}
]
}
(Replace my-bucket
with the name of your bucket) (用
my-bucket
名称替换my-bucket
桶)
You will also need to turn off Block Public Access to allow the Bucket Policy to operate. 您还需要关闭“阻止公共访问”以允许执行存储桶策略。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.