URL for public Amazon S3 bucket

Problem description

I have an Amazon S3 bucket that I make public with a policy like this

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Allow Public Access to All Objects",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket/*"
        }
    ]
}

My bucket is now visible as http://bucket.s3-website-us-east-1.amazonaws.com/

I see others refer to their bucket as http://s3-us-east-1.amazonaws.com/bucket/

I would prefer the 2nd URL, but it gives an Access Denied.

How can I change my policy to allow the 2nd URL?

Recommended answer

The URL structure you're referring to is called the REST endpoint, as opposed to the Web Site Endpoint.

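Note: Since this answer was originally written, S3 has rolled out support for dual-stack on the REST endpoints, using new hostnames, while keeping the existing hostnames in place. This is now integrated into the information provided below.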

If your bucket is really in the us-east-1 region of AWS -- which the S3 documentation formerly referred to as the "US Standard" region, but was subsequently officially renamed to the "U.S. East (N. Virginia) Region" -- then http://s3-us-east-1.amazonaws.com/bucket/ is not the correct form for that endpoint, even though it looks like it should be. The correct format for that region is either http://s3.amazonaws.com/bucket/ or http://s3-external-1.amazonaws.com/bucket/

The format you're using is applicable to all the other S3 regions, but not US Standard US East (N. Virginia) [us-east-1].

S3 now also has dual-stack endpoint hostnames for the REST endpoints, and unlike the original endpoint hostnames, the names of these have a consistent format across regions, for example s3.dualstack.us-east-1.amazonaws.com. These endpoints support both IPv4 and IPv6 connectivity and DNS resolution, but are otherwise functionally equivalent to the existing REST endpoints.

If your permissions and configuration are set up such that the web site endpoint works, then the REST endpoint should work, too.

However... the two endpoints do not offer the same functionality.

Roughly speaking, the REST endpoint is better-suited for machine access and the web site endpoint is better suited for human access, since the web site endpoint offers friendly error messages, index documents, and redirects, while the REST endpoint doesn't. On the other hand, the REST endpoint offers HTTPS and support for signed URLs, while the web site endpoint doesn't.

Choose the correct type of endpoint (REST or web site) for your application:

http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html#WebsiteRestEndpointDiff

¹ s3-external-1.amazonaws.com has been referred to as the "Northern Virginia endpoint," in contrast to the "Global endpoint" s3.amazonaws.com. It was unofficially possible to get read-after-write consistency on new objects in this region if the "s3-external-1" hostname was used, because this would send you to a subset of possible physical endpoints that could provide that functionality. This behavior is now officially supported on this endpoint, so this is probably the better choice in many applications. Previously, s3-external-2 had been referred to as the "Pacific Northwest endpoint" for US-Standard, though it is now a CNAME in DNS for s3-external-1 so s3-external-2 appears to have no purpose except backwards-compatibility.
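
The hostname rules described in the answer above, as an added example that is not part of the original answer: a small classifier that tells which kind of S3 endpoint a URL points at and which features the answer attributes to it, plus the REST forms for a bucket. The function names `classify` and `rest_urls` are hypothetical, and only the hostname forms named on this page are recognized.

```python
import re
from urllib.parse import urlsplit

# Feature differences between the two endpoint types, as stated in the answer.
REST = {"https": True, "signed_urls": True, "index_documents": False, "redirects": False}
WEBSITE = {"https": False, "signed_urls": False, "index_documents": True, "redirects": True}


def classify(url):
    """Return endpoint kind, bucket, region and features for an S3 URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    # Path-style REST URLs carry the bucket as the first path segment.
    path_bucket = parts.path.lstrip("/").split("/", 1)[0] or None

    m = re.fullmatch(r"(.+)\.s3-website-([a-z0-9-]+)\.amazonaws\.com", host)
    if m:  # web site endpoint: bucket name is part of the hostname
        return {"kind": "website", "bucket": m.group(1), "region": m.group(2), **WEBSITE}
    if host in ("s3.amazonaws.com", "s3-external-1.amazonaws.com"):
        return {"kind": "rest", "bucket": path_bucket, "region": "us-east-1", **REST}
    m = re.fullmatch(r"s3\.dualstack\.([a-z0-9-]+)\.amazonaws\.com", host)
    if m:  # dual-stack names follow one format in every region
        return {"kind": "rest-dualstack", "bucket": path_bucket, "region": m.group(1), **REST}
    m = re.fullmatch(r"s3-(?!website-)([a-z0-9-]+)\.amazonaws\.com", host)
    if m and m.group(1) == "us-east-1":
        # The form that "looks like it should" work but is not valid for this region.
        return {"kind": "invalid", "bucket": path_bucket, "region": "us-east-1",
                "reason": "use s3.amazonaws.com or s3-external-1.amazonaws.com"}
    if m:
        return {"kind": "rest", "bucket": path_bucket, "region": m.group(1), **REST}
    return {"kind": "unknown", "bucket": None, "region": None}


def rest_urls(bucket, region):
    """Path-style REST URLs for a bucket, using the hostname forms from the answer."""
    if region == "us-east-1":
        hosts = ["s3.amazonaws.com", "s3-external-1.amazonaws.com"]
    else:
        hosts = [f"s3-{region}.amazonaws.com"]
    hosts.append(f"s3.dualstack.{region}.amazonaws.com")
    return [f"https://{h}/{bucket}/" for h in hosts]


if __name__ == "__main__":
    site = classify("http://bucket.s3-website-us-east-1.amazonaws.com/")
    print(site["kind"], rest_urls(site["bucket"], site["region"]))
    print(classify("http://s3-us-east-1.amazonaws.com/bucket/"))
```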
