AWS s3“公共访问" [英] AWS s3 "public access"

问题描述

在执行权限"->访问控制"->公共访问"时，我可以勾选所有人"选项.

When going through my bucket Permissions --> Access Control --> Public access, I can tick the 'Everyone' option.

这是否意味着每个人 都可以访问该存储桶文件(给定URL)?

Does that mean that literally everyone will have access to this bucket files (given the url) ?

无论我是否是文件的所有者，我如何授予通过我的用户池连接的每个人的访问权限?

How can I give access to everyone connected through my user pool regardless of being the owner or not of a file ?

推荐答案

是的，如果将访问控制公开，则全世界应该可以访问它.您可以做的是设置存储桶策略以限制对存储桶的访问.在存储桶策略中，您可以指定要连接的用户.请在下面找到示例存储桶策略，

Yes if you give access control public then it should accessible by the entire world. What you can do is to set a bucket policy to restrict access to your bucket. In bucket policy, you can specify the users you want to connect. Please find a sample bucket policy below,

{
	"Version": "2012-10-17",
	"Id": "Policy12345",
	"Statement": [
		{
			"Sid": "Stmt12345",
			"Effect": "Allow",
			"Principal": "*", //* means public . Specify your users here
			"Action": "s3:GetObject",
			"Resource": "arn:aws:s3:::BUCKETNAME/*"
		}
	]
}

在主体"部分中，提到要连接的用户(逗号分隔).举例来说，如果您必须在ARN中添加主体，

In the 'Principal' section mention the users you want to connect (comma separated). Say for example if you have to ARNs to add in principal then,

 "Principal" :  {"AWS": ["arn:aws:iam::111122223333:root","arn:aws:iam::444455556666‌​:root"]} 

如果只有一个，

"Principal" : {"AWS" : "arn:aws:iam::111122223333:root"}

请在此处

如果要对象级权限而不是存储区级权限，请访问访问控制列表.请在此处

If you want object level permission instead of bucket level permission then go for access control list. Please find more details here

这篇关于AWS s3“公共访问"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！