在不将IP列入白名单的情况下限制对S3托管网站的访问 [英] Restrict access to S3 hosted website without whitelisting ips

问题描述

我们有一个托管在AWS S3上的网站，我们打算仅由少数人访问.现在，我们在白名单中列出了允许的IP，如限制访问网站中所述托管在S3 .

We have a website hosted on AWS S3 that we intend to be accessed only by a limited group of people. Right now, we are white listing the allowed IPs, as described in Restrict access to website hosted on S3.

但是，某些必须访问该网站的人员没有静态ip，这迫使我们不断更新AWS策略上列入白名单的ip.

However, some of the people that must have access to this website don't have static ips, which forces us to constantly update the whitelisted ips on the AWS policy.

我很确定像客户端证书这样的东西应该可以工作，但是我不知道如何在AIM策略上实现它.是否有其他(更简单的)替代方法不依赖于IP是静态的呢?我猜在这种情况下将ssh密钥添加到AWS不会有任何好处，对吧?

I'm pretty sure something like client side certificates should work, but I have no idea how to implement that in terms of AIM policy. Any other (simpler) alternative that does not rely on the IPs being static? I'm guessing adding ssh keys to AWS wouldn't do any good in this case, right?

推荐答案

一种替代方法是设置基于用户的访问控制.您可以通过使用以下AWS服务来做到这一点.

One alternative approach is to setup user based access control. You can do this by using the following AWS services.

• AWS Cognito用户池
• AWS API网关
• AWS S3

步骤如下

1. 创建 AWS Cognito用户池
2. 使用经过身份验证的IAM角色在此处创建用户，以允许执行API网关.
3. 使用设置后，用户应该能够通过API网关登录和访问S3.

   After the setup, users should be able to login and access S3 through API Gateway.

   这篇关于在不将IP列入白名单的情况下限制对S3托管网站的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！