AWS S3 存储桶策略 - 如何只允许从我的网站访问?
[英]AWS S3 bucket policy - how to allow access only from my website?
问题描述
I have a paperclip text file attachment (in Rails).
我有一个回形针文本文件附件(在 Rails 中)。
My bucket policy is:我的存储桶策略是:
{
"Version": "2008-10-17",
"Id": "Policy123",
"Statement": [
{
"Sid": "Stmt123",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::my_bucket/*"
}
]
}
I want to restrict access to these actions to only be allowed when the request comes from my website.我想限制对这些操作的访问,仅当请求来自我的网站时才被允许。 Is it simply a case of updating this to: "Principal": {"AWS": "mywebsite.com"} ?是否只是将其更新为: "Principal": {"AWS": "mywebsite.com"} 的情况?
2 个解决方案
解决方案1
16 2012-11-29 13:20:50
You can check some examples in S3 Documentations您可以在S3 文档中查看一些示例
To restrict the access from your web site, you can use the condition on Referrer :要限制从您的网站访问,您可以使用Referrer上的条件:
{
"Version":"2008-10-17",
"Id":"http referer policy example",
"Statement":[
{
"Sid":"Allow get requests referred by www.mysite.com and mysite.com",
"Effect":"Allow",
"Principal":"*",
"Action":"s3:GetObject",
"Resource":"arn:aws:s3:::example-bucket/*",
"Condition":{
"StringLike":{
"aws:Referer":[
" http://www.mysite.com/*",
" http://mysite.com/*"
]
}
}
}
]
}
解决方案2
4 2019-07-21 17:00:59
Bucket policy :桶策略:
{
"Version": "2012-10-17",
"Id": "http referer policy example",
"Statement": [
{
"Sid": "Allow get requests originating from www.example.com and example.com.",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::00000000:user/example-user" // IAM User ARN
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket-example/*", // bucket ARN
"Condition": {
"StringLike": {
"aws:Referer": [
"http://example.com/*" // Website link
]
}
}
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.