使用策略限制Amazon S3存储桶上的文件类型 [英] Restricting file types on amazon s3 bucket with a policy

问题描述

我正在尝试设置，以便存储分区只能容纳的文件类型为png，jpeg和gif图像.我正在尝试采用这样的存储桶策略

  {条件": [{"bucket":"bucketname"}，[开始于"，"$ Content-Type"，图像/jpeg"]，[开始于"，"$ Content-Type"，"image/png"]，[开头为"，"$ Content-Type"，"image/gif"]，["content-length-range"，0，10485760]]} 

然后，我也试图限制大小，但是当我尝试更新策略时，出现错误无效的策略元素-条件"

我尝试使用此处的答案-

I'm trying to set up so the only file types the bucket can hold would be png, jpeg, and gif images. I'm trying to put in a bucket policy like this

{
    "conditions": [
        {"bucket": "bucketname"},
        ["starts-with", "$Content-Type", "image/jpeg"],
        ["starts-with", "$Content-Type", "image/png"],
        ["starts-with", "$Content-Type", "image/gif"],
        ["content-length-range", 0, 10485760]
    ]
}

Then I'm also trying to limit the size but when I try to update my policy I get the error "Invalid policy element - conditions"

I tried using the answer from here - s3 direct upload restricting file size and type so that's where I made my code from but I'm not sure the correct approach to do this since my policy isn't even being accepted by amazon.

解决方案

You can use the policy generator for this if you're not sure how to write, for example you would have something like

{
  "Id": "Policy1464968545158",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1464968483619",
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::<yourbucket>/*.jpg",
      "Principal": "*"
    },
    {
      "Sid": "Stmt1464968543787",
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::<yourbucket>/*.png",
      "Principal": "*"
    }
  ]
}

As said from doc you can specify multiple resources and aggregate this part, so no need to multiply the statement

    "Resource": [
      "arn:aws:s3:::<yourbucket>/*.jpg",
      "arn:aws:s3:::<yourbucket>/*.png",
      "arn:aws:s3:::<yourbucket>/*.gif",
    ],

so you get something like

{
    "Id": "Policy1464968545158",
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "Stmt1464968483619",
        "Action": [
          "s3:PutObject"
        ],
        "Effect": "Allow",
        "Resource": [
          "arn:aws:s3:::<yourbucket>/*.jpg",
          "arn:aws:s3:::<yourbucket>/*.png",
          "arn:aws:s3:::<yourbucket>/*.gif",
        ],
        "Principal": "*"
      }
    ]
}

you can access policy generator when you create your bucket policy

这篇关于使用策略限制Amazon S3存储桶上的文件类型的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！