Amazon S3存储桶通过权限或策略原因的公共访问 [英] Amazon S3 bucket public access via permission or policy causes

问题描述

我研究了

I researched this and other topics. I create a new bucket "ilya_test_1" on Amazon S3. I add permission to Everyone with Upload/Delete enabled. I leave my default private permission untouched. I upload image to the bucket root.

我尝试通过浏览器浏览到我的图像，并得到AccessDenied.此存储桶中的所有内容都不应公开访问吗?

I try to browse via browser to my image and I get AccessDenied. Shouldn't everything in this bucket be public accessible?

我不明白的是，如果我已经授予对所有人的访问权限，为什么需要设置以下存储桶策略?

What I do not understand is why do I need to set the below bucket policy if I have already granted access to Everyone?

注意:如果我为所有人和此存储桶策略设置了权限，则访问有效.

NOTE: access works if I set permissions to Everyone AND this bucket policy.

{
"Version": "2008-10-17",
"Statement": [
    {
        "Sid": "AllowPublicRead",
        "Effect": "Allow",
        "Principal": {
            "AWS": "*"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::ilya_test_1/*"
    }
]

}

推荐答案

您正在授予上传权限.但是在上载中，标题可以将文件设置为公共或私有.也许是在上传时将标头设置为私有的吗?

You are giving permission to upload. But in the upload, the headers can set the file to public or private. Perhaps something is setting the header to private on upload?

(此外，在S3上进行公开编写通常也是一个坏主意.您应该拥有一台服务器，该服务器分发客户端可以将其PUT/POST到的已签名S3 URL.为什么?因为您可以更轻松地防止滥用(限制大小)上传数量，每个IP的上传数量限制等)

(Also, it's generally a bad idea to have public write on S3. You should have a server that hands out signed S3 URLs that your client can PUT/POST to. Why? Because you can more easily prevent abuse (limit size of upload, limit number of uploads per IP, etc.)

这篇关于Amazon S3存储桶通过权限或策略原因的公共访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！