在Amazon S3 Boto存储桶中设置特定权限 [英] Setting specific permission in amazon s3 boto bucket
问题描述
我在一个存储桶中有一个名为 ben-bucket的存储桶,我有多个文件。
我希望能够为每个文件URL设置权限。
我不太确定,但我假设是否需要存储桶中每个文件的URL。
我的URL会是这样吗?
I have a bucket called 'ben-bucket' inside that bucket I have multiple files. I want to be able to set permissions for each file URL. I'm not too sure but I'm assuming if I wanted URL for each file inside a bucket. My URL would be like this?
https://ben-bucket.s3.amazonaws.com/<file_name>
所以基本上,我想设置对该URL的公共访问。我该怎么办?
我尝试了此操作,但不起作用
So basically, I want to set a public access to that URL. How would I do it? I tried this and it doesn't work
bucket = s3.Bucket('ben-bucket').Object('db.sqlite')
bucket.BucketAcl('public-read')
print bucket_acl
提供的代码。 db.sqlite是我的存储桶ben-bucket中的文件之一。该代码无效。我希望能够公开访问以下URL
The code provided. db.sqlite is one of the files inside my bucket ben-bucket The code doesn't work. I want to be able to access the following URL publicly
https://ben-bucket.s3.amazonaws.com/db.sqlite
我提供的代码未将权限设置为公开读取。
The code I provided doesn't set the permission to public-read.
推荐答案
默认情况下,Amazon S3中的所有对象都是私有的。然后您可以添加权限,以便人们可以访问您的对象。可以通过以下方式完成:
By default, all objects in Amazon S3 are private. You can then add permissions so that people can access your objects. This can be done via:
- 对单个对象的访问控制列表权限
- Bucket Policy (桶策略),该策略根据路径,IP地址,引荐来源网址等来授予广泛的访问权限。
- IAM用户和组 >授予具有AWS凭证的用户权限
- 预签名URL
- Access Control List permissions on individual objects
- A Bucket Policy that grants wide-ranging access based on path, IP address, referrer, etc
- IAM Users and Groups that grant permissions to Users with AWS credentials
- Pre-Signed URLs
如果您希望授予对整个存储桶的公共访问权限,最简单的选择是创建一个存储桶策略,如下所示(来自桶策略示例]:
If you wish to grant public access to your entire bucket, the simiplest option is to create a Bucket Policy like this (from Bucket Policy Examples]:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddPerm",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::MY-BUCKET/*"]
}
]
}
如果您只希望授予对子目录 内的公共访问权限,桶,使用:
If you wish to grant public access only to a sub-directory within the bucket, use:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddPerm",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::MY-BUCKET/PATH/*"]
}
]
}
是的,您还可以为每个文件设置权限。的代码为:
Yes, you could also set the permissions on each individual file. The code for that would be:
import boto3
s3 = boto3.resource('s3')
object = s3.Bucket('ben-bucket').Object('db.sqlite')
object.Acl().put(ACL='public-read')
参考: Boto3 S3访问控件
这篇关于在Amazon S3 Boto存储桶中设置特定权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!