AWS S3存储桶策略-如何只允许从我的网站访问? [英] AWS S3 bucket policy - how to allow access only from my website?
本文介绍了AWS S3存储桶策略-如何只允许从我的网站访问?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个回形针文本文件附件(在Rails中).
I have a paperclip text file attachment (in Rails).
我的存储桶策略是:
{
"Version": "2008-10-17",
"Id": "Policy123",
"Statement": [
{
"Sid": "Stmt123",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::my_bucket/*"
}
]
}
我想将对这些操作的访问限制为仅在请求来自我的网站时才允许.仅仅是将其更新为:"Principal":{"AWS":"mywebsite.com"}的一种情况?
I want to restrict access to these actions to only be allowed when the request comes from my website. Is it simply a case of updating this to: "Principal": {"AWS": "mywebsite.com"} ?
推荐答案
您可以在 S3中查看一些示例文档
要限制从您的网站访问,可以使用 Referrer 上的条件:
To restrict the access from your web site, you can use the condition on Referrer:
{
"Version":"2008-10-17",
"Id":"http referer policy example",
"Statement":[
{
"Sid":"Allow get requests referred by www.mysite.com and mysite.com",
"Effect":"Allow",
"Principal":"*",
"Action":"s3:GetObject",
"Resource":"arn:aws:s3:::example-bucket/*",
"Condition":{
"StringLike":{
"aws:Referer":[
" http://www.mysite.com/*",
" http://mysite.com/*"
]
}
}
}
]
}
这篇关于AWS S3存储桶策略-如何只允许从我的网站访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文