Can I run my static website from an S3 Bucket, and add password protection?


Question

I'm running a static website completely from an Amazon S3 bucket, but I want to password protect my content. Is this possible? The type of authentication doesn't bother me, it just needs to be there, so that people can't just 'discover' my website.

At the moment, I don't have a domain name set up, which I believe rules out http://www.s3auth.com/ as a possible solution. Are there any others?

Recommended answer

AWS doesn't provide a way to do this directly right now. The S3auth solution you mentioned is nice in that your bucket/objects remain private so that a direct access to the bucket does not allow objects to be read without your private credentials. The disadvantage of the s3auth approach is that it relies on you trusting s3auth with your private credentials. If your credentials are compromised at any stage, it could be costly depending on how someone might abuse your access rights.

If you make your objects publicly readable (as you do when you create a website), anyone who learns/guesses/knows your object names etc. can access them. Or indeed if the bucket is readable, then all they need is the bucket name. There is no real way around this except by tightening the S3 access permissions.

If you only access your website from certain IP addresses, perhaps looking at Bucket Policies may help. Scroll down to Restricting Access to Specific IP Addresses. This is not a password but it does allow you to restrict where accesses can come from at least.

Another common technique for providing temporary access to objects is Query String Request Authentication. This does not however match your original requirement of password protecting your S3 bucket website.
