在AWS S3上托管静态站点-授予只读访问权限 [英] Host a static site on AWS S3 - granting read only access
问题描述
我想在AWS S3上托管一个简单的静态站点.
I want to host a simple static site on AWS S3.
考虑到我的站点是静态站点,我唯一要授予的权限是只读访问权限.
The only thing I want is to grant is READ-ONLY access, considering that mine is a static site.
对于类似的问题,前段时间我在某处找到了此存储桶策略以克服访问问题
For a similar problem, some time ago I found somewhere this bucket policy to overcome access problems
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::enrico-site/*"
}
]
}
现在,我只需复制并粘贴此政策,就会收到警告提示
Now I simply copy and paste this policy and I get a warning stating
从策略的内容来看,它似乎只授予GET和READ权限,但是在安全性方面我还不是专家.
Looking at the content of the policy, it seems it grants only GET and READ permissions, but I am far from an expert when it comes to security.
考虑到我想授予任何人访问存储桶的静态内容的权限,即只读但没有写权限,我该怎么办?我应该为收到的警告担心吗?
Considering that I want to grant anybody to access the static content of the bucket, i.e. READ ONLY but no WRITE permission, what is that I should do? Should I worry for the warning I get ?
推荐答案
您正确的是,上述策略使任何人都可以获取/下载存储桶中的任何对象.如果您只想将存储桶用于网站托管目的,这是很好"的操作,则可以忽略该警告.
You are correct that above policy enables anyone to get/download any object in your bucket. If you wish to use the bucket only for website hosting purpose this is "fine" and you can ignore the warning.
但是,如果您只想公开特定的对象,例如索引页等,您可以摆脱存储桶策略,而使用对象ACL 只能使这些文件/对象公开可用. AWS还具有相当详细的教程.
However, if you want to make only specific objects public e.g. index page etc., you can get rid of the bucket policy and instead use object ACL only to make those files/objects publicly available. AWS has a fairly detailed tutorial as well.
这篇关于在AWS S3上托管静态站点-授予只读访问权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!