使用 cloudformation 模板向公眾授予對 s3 存儲桶對象的讀取和查看權限

Question

我正在編寫一個 AWS cloudformation 模板來接收來自 Kinesis Firehose 的 s3 存儲桶中的文件。 我已經授予對存儲桶的公共讀取訪問權限（存儲桶是公共的）但是當我使用 object URL 訪問存儲桶內的文件時，我收到“XML 文件似乎沒有任何與之關聯的樣式”錯誤，它說訪問被拒絕. 但是 object（JSON 文件）是可下載的。

我已授予對 s3 存儲桶的完全訪問權限

Resources:

# Create s3 bucket
MyS3Bucket:
 Type: AWS::S3::Bucket
 Properties:
    BucketName: health-app-buckett
    AccessControl: PublicRead

# Create Role
S3BucketRole:
 Type: 'AWS::IAM::Role'
 Properties:
  AssumeRolePolicyDocument:
    Statement:
      - Effect: Allow
        Principal:
          Service:
            - s3.amazonaws.com
        Action:
          - 'sts:AssumeRole'

#Create policy for bucket
S3BucketPolicies:
 Type: 'AWS::IAM::Policy'
 Properties:
  PolicyName: S3BucketPolicy
  PolicyDocument:
    Statement:
      - Sid: PublicReadForGetBucketObjects
        Effect: Allow
        Action: 's3:GetObject'
        Resource: !Join
          - ''
          - - 'arn:aws:s3:::'
            - !Ref MyS3Bucket
            - /*
  Roles:
    - !Ref S3BucketRole

我希望能夠使用 Object URL 查看文件

Answer 1

您需要將 PublicAccessBlockConfiguration 添加到您的模板

MyS3Bucket:
 Type: AWS::S3::Bucket
 Properties:
    BucketName: health-app-buckett
    AccessControl: PublicRead
    PublicAccessBlockConfiguration:
            BlockPublicAcls : false
            BlockPublicPolicy : false
            IgnorePublicAcls : false
            RestrictPublicBuckets : false