在Amazon S3 Boto存储桶中设置特定权限 [英] Setting specific permission in amazon s3 boto bucket

问题描述

我在一个存储桶中有一个名为 ben-bucket的存储桶，我有多个文件。
我希望能够为每个文件URL设置权限。
我不太确定，但我假设是否需要存储桶中每个文件的URL。
我的URL会是这样吗？

I have a bucket called 'ben-bucket' inside that bucket I have multiple files. I want to be able to set permissions for each file URL. I'm not too sure but I'm assuming if I wanted URL for each file inside a bucket. My URL would be like this?

https://ben-bucket.s3.amazonaws.com/<file_name>

所以基本上，我想设置对该URL的公共访问。我该怎么办？
我尝试了此操作，但不起作用

So basically, I want to set a public access to that URL. How would I do it? I tried this and it doesn't work

    bucket = s3.Bucket('ben-bucket').Object('db.sqlite')
    bucket.BucketAcl('public-read')
    print bucket_acl

提供的代码。 db.sqlite是我的存储桶ben-bucket中的文件之一。该代码无效。我希望能够公开访问以下URL

The code provided. db.sqlite is one of the files inside my bucket ben-bucket The code doesn't work. I want to be able to access the following URL publicly

https://ben-bucket.s3.amazonaws.com/db.sqlite

我提供的代码未将权限设置为公开读取。

The code I provided doesn't set the permission to public-read.

推荐答案

默认情况下，Amazon S3中的所有对象都是私有的。然后您可以添加权限，以便人们可以访问您的对象。可以通过以下方式完成：

By default, all objects in Amazon S3 are private. You can then add permissions so that people can access your objects. This can be done via:

• 对单个对象的访问控制列表权限


• Bucket Policy （桶策略），该策略根据路径，IP地址，引荐来源网址等来授予广泛的访问权限。


• IAM用户和组 >授予具有AWS凭证的用户权限


• 预签名URL

• Access Control List permissions on individual objects
• A Bucket Policy that grants wide-ranging access based on path, IP address, referrer, etc
• IAM Users and Groups that grant permissions to Users with AWS credentials
• Pre-Signed URLs

如果您希望授予对整个存储桶的公共访问权限，最简单的选择是创建一个存储桶策略，如下所示（来自桶策略示例]：

If you wish to grant public access to your entire bucket, the simiplest option is to create a Bucket Policy like this (from Bucket Policy Examples]:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::MY-BUCKET/*"]
    }
  ]
}

如果您只希望授予对子目录 内的公共访问权限，桶，使用：

If you wish to grant public access only to a sub-directory within the bucket, use:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::MY-BUCKET/PATH/*"]
    }
  ]
}

是的，您还可以为每个文件设置权限。的代码为：

Yes, you could also set the permissions on each individual file. The code for that would be:

import boto3
s3 = boto3.resource('s3')
object = s3.Bucket('ben-bucket').Object('db.sqlite')
object.Acl().put(ACL='public-read')

参考： Boto3 S3访问控件

这篇关于在Amazon S3 Boto存储桶中设置特定权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！