
Share file from AWS S3 bucket within internal network

I'd like to share file test.txt from AWS S3 bucket for my internal network. User should be able to download that file via HTTP(s) without any authorization. I set up an S3 Access Point using VPC:


but when I try to download it, it fails:

$ curl https://access-through-vpc-<account_id>.s3-accesspoint.us-west-2.amazonaws.com/test.txt
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use Signature Version 4.</Message><RequestId>B96D773CF3DF265B</RequestId><HostId>gAPCDvlncaP5n63h1qGK/Lkt+LReqfuHzWbdwHIUKPRk8dY1EEAisIadmeCacPc2YvGtRb+lUCU=</HostId></Error>


$ wget https://access-through-vpc-<account_id>.s3-accesspoint.us-west-2.amazonaws.com/test.txt
--2020-03-03 11:21:17--  https://access-through-vpc-<account_id>.s3-accesspoint.us-west-2.amazonaws.com/test.txt
Resolving access-through-vpc-<account_id>.s3-accesspoint.us-west-2.amazonaws.com (access-through-vpc-<account_id>.s3-accesspoint.us-west-2.amazonaws.com)... 52.218.208.209
Connecting to access-through-vpc-<account_id>.s3-accesspoint.us-west-2.amazonaws.com (access-through-vpc-<account_id>.s3-accesspoint.us-west-2.amazonaws.com)|52.218.208.209|:443... connected.
HTTP request sent, awaiting response... 400 Bad Request
2020-03-03 11:21:17 ERROR 400: Bad Request.

Can you help, please?

When you say "for my internal network" I am understanding it as from your VPC.
You already created the S3 Access Point using Network access type VPC, which is correct to restrict the access to only your VPC.

In order for S3 to understand the access comes from your VPC you need to have a VPC Endpoint for S3 and configure your route tables to use this Endpoint.
Otherwise your requests to S3 will be made via the internet, which will give you "forbidden access".

As you are blocking all public access, your instances will require a role with permission to this bucket.
If you really want to avoid authentication, you need to set the Bucket policy and Access Point policy accordingly.

The link below explains the process to use VPC Endpoint and S3 Access Points.
https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
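The two policies the answer calls for, written out as an added example (not code from the question, the answer or AWS): a bucket policy that delegates access control to the account's access points, and an access point policy that grants s3:GetObject on one object only to requests arriving through the VPC endpoint, plus a small check that flags any wildcard-principal grant lacking such a VPC or access-point condition. Account id, bucket name, VPC endpoint id and the policy-linting helper are constructed assumptions; the access point name and object key are taken from the question.

```python
import json

# Constructed sample values (not from the original post); substitute your own.
ACCOUNT_ID = "111122223333"
REGION = "us-west-2"
BUCKET = "example-internal-bucket"
ACCESS_POINT = "access-through-vpc"        # name used in the question
VPCE_ID = "vpce-0123456789abcdef0"        # the S3 VPC endpoint in your VPC

# Condition keys that pin a grant to a VPC/access point; S3 does not count a
# wildcard-principal statement as "public" when one of these is present.
VPC_SCOPING_KEYS = {"aws:SourceVpce", "aws:SourceVpc", "s3:DataAccessPointArn",
                    "s3:DataAccessPointAccount", "s3:AccessPointNetworkOrigin"}


def bucket_policy():
    """Bucket policy delegating all decisions to this account's access points."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DelegateToAccessPoints",
        "Effect": "Allow", "Principal": "*", "Action": "*",
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
        "Condition": {"StringEquals": {"s3:DataAccessPointAccount": ACCOUNT_ID}}}]}


def access_point_policy(key="test.txt"):
    """Access point policy: read of one object, only via the VPC endpoint.
    The access point's VPC network origin already blocks the internet path;
    the aws:SourceVpce condition makes that restriction explicit in policy."""
    ap_arn = f"arn:aws:s3:{REGION}:{ACCOUNT_ID}:accesspoint/{ACCESS_POINT}"
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "ReadOneObjectFromVpcOnly",
        "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
        "Resource": f"{ap_arn}/object/{key}",
        "Condition": {"StringEquals": {"aws:SourceVpce": VPCE_ID}}}]}


def unscoped_wildcard_statements(policy):
    """Defender check (hypothetical helper): Sids of Allow statements that grant
    to principal '*' without any VPC/access-point scoping condition."""
    findings = []
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict)
                                        and principal.get("AWS") == "*")
        if st.get("Effect") != "Allow" or not wildcard:
            continue
        keys = {k for block in st.get("Condition", {}).values() for k in block}
        if not keys & VPC_SCOPING_KEYS:
            findings.append(st.get("Sid", "<no Sid>"))
    return findings


if __name__ == "__main__":
    print(json.dumps(access_point_policy(), indent=2))
```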
