亚马逊S3对象:是否有可能限制公众阅读的政策只是在一定的IP不会忽略? [英] Amazon S3 objects: is it possible to restrict public read policy to some IP adresses only ?
问题描述
一个有公共读取策略桶。现在我想限制访问的部分,以便对象来只在某些IP不会忽略访问。这可能吗?
A have a bucket with a public read policy. Now I want to restrict access to some of the objects in order to be accessible only from some IP adresses. Is this possible?
我还计划添加CloudFront的。我应该怎么做,以保持相同的设置每个对象?
I also plan to add CloudFront. What should I do to keep the same settings on each object?
谢谢!
推荐答案
您可以使用S3斗政策。代替个别的文件,但它会被施加到桶中的个人文件夹。您可以使用策略如下所示:
You can use S3 bucket policy. But instead of individual files it will be applied to individual folders in the bucket. You can use policy like the following:
{
"Version": "2008-10-17",
"Id": "testPolicy",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/subfolder/subfolder2/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"xxx.xxx.xxx.xxx/xx",
"xxx.xxx.xxx.xxx/xx"
]
}
}
}
]
}
用户你的水桶名和文件夹名称和IP地址。
User your bucket name and folder names, and IPs.
注意:请首先尝试在非生产水桶
Note: Please try it first on a non production bucket.
这篇关于亚马逊S3对象:是否有可能限制公众阅读的政策只是在一定的IP不会忽略?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!