AWS s3“公共访问" [英] AWS s3 "public access"
问题描述
在执行权限"->访问控制"->公共访问"时,我可以勾选所有人"选项.
When going through my bucket Permissions --> Access Control --> Public access, I can tick the 'Everyone' option.
这是否意味着每个人 都可以访问该存储桶文件(给定URL)?
Does that mean that literally everyone will have access to this bucket files (given the url) ?
无论我是否是文件的所有者,我如何授予通过我的用户池连接的每个人的访问权限?
How can I give access to everyone connected through my user pool regardless of being the owner or not of a file ?
推荐答案
是的,如果将访问控制公开,则全世界应该可以访问它.您可以做的是设置存储桶策略以限制对存储桶的访问.在存储桶策略中,您可以指定要连接的用户.请在下面找到示例存储桶策略,
Yes if you give access control public then it should accessible by the entire world. What you can do is to set a bucket policy to restrict access to your bucket. In bucket policy, you can specify the users you want to connect. Please find a sample bucket policy below,
{
"Version": "2012-10-17",
"Id": "Policy12345",
"Statement": [
{
"Sid": "Stmt12345",
"Effect": "Allow",
"Principal": "*", //* means public . Specify your users here
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::BUCKETNAME/*"
}
]
}
在主体"部分中,提到要连接的用户(逗号分隔).举例来说,如果您必须在ARN中添加主体,
In the 'Principal' section mention the users you want to connect (comma separated). Say for example if you have to ARNs to add in principal then,
"Principal" : {"AWS": ["arn:aws:iam::111122223333:root","arn:aws:iam::444455556666:root"]}
如果只有一个,
"Principal" : {"AWS" : "arn:aws:iam::111122223333:root"}
请在此处
如果要对象级权限而不是存储区级权限,请访问访问控制列表.请在此处
If you want object level permission instead of bucket level permission then go for access control list. Please find more details here
这篇关于AWS s3“公共访问"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!