Amazon S3 see private files


Problem description

I am using Amazon S3 to upload files into different folders. All folders and files are public and can be seen by anyone. I created a private folder, where I want to put private images so that only I can see them. I already created a bucket policy rule that will deny the access to that folder. But how can I see the files? Is there a special link like this https://s3.amazonaws.com/bucket/private_folder/file.jpg?secret_key=123 that will let me and someone who knows that secret key to see the files?

Is there any way of uploading private files that can be seen by using a secret_key, url or something like that?

Recommended answer

By default, all objects in Amazon S3 are private. Objects can then be made "public" by adding permissions, via one of:

  • Object Access Control List (ACL): Setting the permission directly on the object
  • Bucket Policy: Relates to the bucket, can define rules relating to sub-directories, key name (filenames), time-of-day, IP address, etc.
  • IAM Policy: Relates to specific Users or Groups

As long as one of these methods grants access, the person will be able to access the object. It is also possible to assign Deny permissions that override Allow permissions.

When an object is being accessed via an un-authenticated URL (e.g. s3.amazonaws.com/bucket-name/object-key), the above rules determine access. However, even "private" files can be accessed if you authenticate against the service, such as calling an S3 API with your user credentials or using a pre-signed URL.

To see how this works, click a private file in the Amazon S3 Management Console, then choose Open from the Actions menu. The object will be opened. This is done by providing the browser with a pre-signed URL that includes a cryptographically-sized URL and a period of validity. The URL will work to Get the private file only until a defined time.

So, to answer your question, you can still access private files via:

  • The Open command in the console
  • A pre-signed URL in a web browser
  • An authenticated API call

Just be careful that you don't define DENY rules that override even your ability to access files. It's easier to simply ALLOW the directories you'd like to be public.

See: Query String Request Authentication Alternative
