How to create a bucket with Public Read Access?


Question

I'd like to enable Public Read-Access on all items in my Bucket that are in the "public" folder in the serverless.yml file.

Currently this is the definition code I use to declare my bucket. It's a bit of copy and paste from one of the serverless-stack examples.

Resources:
  AttachmentsBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead
      # Set the CORS policy
      BucketName: range-picker-bucket-${self:custom.stage}
      CorsConfiguration:
        CorsRules:
          -
            AllowedOrigins:
              - '*'
            AllowedHeaders:
              - '*'
            AllowedMethods:
              - GET
              - PUT
              - POST
              - DELETE
              - HEAD
            MaxAge: 3000

# Print out the name of the bucket that is created
Outputs:
  AttachmentsBucketName:
    Value:
      Ref: AttachmentsBucket

Now when I try to use a URL for a file, it returns access denied. I manually have to set the public read permission for every file by hand in the aws-s3 web interface.

What am I doing wrong?

Recommended answer

Instead of using CorsConfiguration on the bucket, you need to attach a bucket policy to it. Try the following:

Resources:
  AttachmentsBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: range-picker-bucket-${self:custom.stage}

  AttachmentsBucketAllowPublicReadPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref AttachmentsBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement: 
          - Effect: Allow
            Action: 
              - "s3:GetObject"
            # Object ARNs under the public/ prefix only, not the whole bucket
            Resource:
              - !Join ['', ['arn:aws:s3:::', !Ref AttachmentsBucket, '/public/*']]
            Principal: "*"
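
A policy like the one in the answer can be checked before deployment to confirm that anonymous read access stays confined to the `public/` prefix. The script below is an added example, not part of the original question or answer; the function names, the `dev` stage in the bucket name and the sample policies are assumptions constructed for illustration.

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" and {"AWS": "*"} both mean any caller, signed or not.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_read_resources(policy):
    """Resources that some Allow statement opens to anonymous s3:GetObject.
    Simplification: Condition, NotAction/NotResource and Deny are not evaluated."""
    found = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if any(fnmatch.fnmatchcase("s3:getobject", a) for a in actions):
            found.extend(_as_list(stmt.get("Resource", [])))
    return found

def outside_prefix(policy, bucket, prefix="public/"):
    """Publicly readable resources not confined to <bucket>/<prefix>."""
    allowed = f"arn:aws:s3:::{bucket}/{prefix}"
    return [r for r in public_read_resources(policy) if not r.startswith(allowed)]

# Constructed sample policies; "dev" stands in for ${self:custom.stage}.
BUCKET = "range-picker-bucket-dev"
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject"],
     "Resource": [f"arn:aws:s3:::{BUCKET}/public/*"]}]}
TOO_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:Get*",
     "Resource": [f"arn:aws:s3:::{BUCKET}/*", f"arn:aws:s3:::{BUCKET}/public*"]},
    # Not anonymous (constructed account id), so not reported.
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/private/*"}]}

if __name__ == "__main__":
    for name, doc in (("SCOPED", SCOPED), ("TOO_BROAD", TOO_BROAD)):
        print(name, "outside public/:", outside_prefix(doc, BUCKET))
```

A resource such as `.../public*` is reported because it would also match keys under a sibling prefix like `public-old/`.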
