将Amazon S3网站终端节点限制为CloudFront [英] Restrict Amazon S3 website endpoint to CloudFront

问题描述

是否可以将Amazon S3网站终端节点仅限于CloudFront?我认为这对于S3其余端点是可行的，但我想知道是否有任何新的解决方法可以对S3网站端点进行此操作.

Is it possible to restrict an Amazon S3 website endpoint to CloudFront only? I see this is possible for S3 rest endpoints but was wondering if there were any new workarounds to do this for S3 website endpoints.

推荐答案

对于网站终结点，您可以使用存储桶策略仅允许CloudFront IP地址，而不是作为OAI进行限制，但仍然是一种方法. http://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips

For website endpoint you can use bucket policy to allow only CloudFront IP address, not restrictive as OAI but still a way. http://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips

对于S3作为来源，除非您使用lambda @ edge或AWS故意启用它，否则不使用CLOUDFRONT_REGIONAL_EDGE_IP_LIST IP地址，因此您只能允许CLOUDFRONT_GLOBAL_IP_LIST.

For S3 as an origin, CLOUDFRONT_REGIONAL_EDGE_IP_LIST IP address are not used unless you're using lambda@edge or AWS has enabled it intentionally so you can allow only CLOUDFRONT_GLOBAL_IP_LIST.

这篇关于将Amazon S3网站终端节点限制为CloudFront的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！