堆栈内存溢出
  简体   繁体   English

使用 cloudformation 模板向公众授予对 s3 存储桶对象的读取和查看权限

[英]give public read and view access to s3 bucket objects using cloudformation template

 原文  2019-10-04 19:54:42       amazon-web-services/ amazon-s3/ amazon-cloudformation

问题描述

I am writing a AWS cloudformation template to receive a file inside a s3 bucket from Kinesis Firehose.我正在编写一个 AWS cloudformation 模板来接收来自 Kinesis Firehose 的 s3 存储桶中的文件。 I have gave public read access to the bucket (bucket is public) but when i access the file inside the bucket using object URL, i get "The XML file does not appear to have any style associated with it" error and it says access denied.我已经授予对存储桶的公共读取访问权限(存储桶是公共的)但是当我使用 object URL 访问存储桶内的文件时,我收到“XML 文件似乎没有任何与之关联的样式”错误,它说访问被拒绝. However the object (JSON file) is downloadable.但是 object(JSON 文件)是可下载的。

I have given full access to the s3 bucket我已授予对 s3 存储桶的完全访问权限

Resources:

# Create s3 bucket
MyS3Bucket:
 Type: AWS::S3::Bucket
 Properties:
    BucketName: health-app-buckett
    AccessControl: PublicRead

# Create Role
S3BucketRole:
 Type: 'AWS::IAM::Role'
 Properties:
  AssumeRolePolicyDocument:
    Statement:
      - Effect: Allow
        Principal:
          Service:
            - s3.amazonaws.com
        Action:
          - 'sts:AssumeRole'

#Create policy for bucket
S3BucketPolicies:
 Type: 'AWS::IAM::Policy'
 Properties:
  PolicyName: S3BucketPolicy
  PolicyDocument:
    Statement:
      - Sid: PublicReadForGetBucketObjects
        Effect: Allow
        Action: 's3:GetObject'
        Resource: !Join
          - ''
          - - 'arn:aws:s3:::'
            - !Ref MyS3Bucket
            - /*
  Roles:
    - !Ref S3BucketRole

I want to be able to view the file using Object URL我希望能够使用 Object URL 查看文件

1 个解决方案

解决方案1
 0  2022-02-23 16:14:38

You need to add PublicAccessBlockConfiguration to your template您需要将 PublicAccessBlockConfiguration 添加到您的模板

MyS3Bucket:
 Type: AWS::S3::Bucket
 Properties:
    BucketName: health-app-buckett
    AccessControl: PublicRead
    PublicAccessBlockConfiguration:
            BlockPublicAcls : false
            BlockPublicPolicy : false
            IgnorePublicAcls : false
            RestrictPublicBuckets : false

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 S3 存储桶的公共读取访问不起作用 - Public read access for S3 bucket not working 如何使用 sdk 在 AWS 中创建没有公共访问权限的 s3 存储桶和对象 go - how to create an s3 bucket and objects with no public access in AWS using sdk go 使用 CLI 使 S3 存储桶权限对“所有人”公开访问 - Make an S3 Bucket Permissions Public Access to 'Everyone' using CLI Cloudformation 模板 - 具有云端分发的 S3 存储桶网站 - 分发无法访问源 - Cloudformation template - S3 bucket website with cloudfront distribution - distribution can't access origin 使用一个 cloudFormation 模板从 zip 文件和 S3 存储桶创建一个 lambda - Create a lambda from zip file and and an S3 bucket using one cloudFormation Template AWS Cloudformation 模板 - S3 存储桶策略 - MalformedPolicy 错误 - AWS Cloudformation template - S3 bucket policy - MalformedPolicy error Cloudfront 在没有公共访问的情况下为 S3 存储桶源提供通过 AWS CDK Python 创建的访问被拒绝的响应 - Cloudfront give Access denied response created through AWS CDK Python for S3 bucket origin without public Access 仅授予特定用户对 S3 存储桶的访问权限,无公共访问权限 - Grant access to an S3 bucket for a specific user only, no public access 如何默认公开 AWS S3 存储桶中的所有对象? - How to make all Objects in AWS S3 bucket public by default? 无法授予 Cognito 用户对特定 S3 存储桶的访问权限 - Not able to give a Cognito User access on a certain S3 bucket
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM