亚马逊S3对象：是否有可能限制公众阅读的政策只是在一定的IP不会忽略？ [英] Amazon S3 objects: is it possible to restrict public read policy to some IP adresses only ?

问题描述

一个有公共读取策略桶。现在我想限制访问的部分，以便对象来只在某些IP不会忽略访问。这可能吗？

A have a bucket with a public read policy. Now I want to restrict access to some of the objects in order to be accessible only from some IP adresses. Is this possible?

我还计划添加CloudFront的。我应该怎么做，以保持相同的设置每个对象？

I also plan to add CloudFront. What should I do to keep the same settings on each object?

谢谢！

推荐答案

您可以使用S3斗政策。代替个别的文件，但它会被施加到桶中的个人文件夹。您可以使用策略如下所示：

You can use S3 bucket policy. But instead of individual files it will be applied to individual folders in the bucket. You can use policy like the following:

  {
        "Version": "2008-10-17",
        "Id": "testPolicy",
        "Statement": [

            {
                "Sid": "1",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "*"
                },
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::bucketname/subfolder/subfolder2/*",
                "Condition": {
                    "IpAddress": {
                        "aws:SourceIp": [
                            "xxx.xxx.xxx.xxx/xx",
                            "xxx.xxx.xxx.xxx/xx"
                        ]
                    }
                }
            }
        ]
    }

用户你的水桶名和文件夹名称和IP地址。

User your bucket name and folder names, and IPs.

注意：请首先尝试在非生产水桶

Note: Please try it first on a non production bucket.

这篇关于亚马逊S3对象：是否有可能限制公众阅读的政策只是在一定的IP不会忽略？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！