AWS S3公共对象还是私有对象? [英] AWS S3 Public Object vs Private Object?

问题描述

在S3中，我有要在应用程序中显示的存储桶中图像的URL，但是这些图像被设置为私有.当我尝试单击链接时，它显示为拒绝访问".当我将链接的设置更改为public时，它会通过，但是我读到公共访问并不是最安全的事情.所以这本质上是一个两部分的问题，

Back in S3, I have URL's to images in my bucket that I will be presenting in my application, however they are set private. When I try to click on the link, it reads "access denied". When I change the setting of the link to public, It goes through, however I've read that public access isn't the safest thing. So this is essentially a two part question,

1)存储桶中的公共链接和私有链接/对象有什么区别?

1) What is the difference between a public and private link/Object in a bucket?

2)我如何使自己和用户都可以访问存储桶中的私有链接/对象?

2)And how can i make a private link/object in my bucket accessible to both myself and my users?

推荐答案

私有对象需要身份验证；公共对象没有.

Private objects require authentication; public objects do not.

关于您的评论公共访问不是最安全的事情"，在确定是否将S3对象公开时，通常需要考虑以下几点:

With regard to your comment "public access isn't the safest thing", you typically need to consider a couple of things when deciding whether or not to make an S3 object public:

1. [主要] 任何人都可以下载吗?如果对象的内容是您不应该与世界共享的东西，例如用户的家庭照片，那么答案是否".
2. [minor]您是否想每次不知名的人下载对象时付款.作为存储桶拥有者，您需要为数据传输支付费用(除非您选择请求者付款"，在这种情况下，请求者需要进行身份验证).

1. [major] is it OK for anyone to download it? If the content of the object is something that you should not be sharing with the world, for example a user's family photos, then the answer is "no".
2. [minor] do you want to pay every time some unknown person downloads an object. As the bucket owner, you pay for data transfer out (unless you opt for 'requester pays' in which case the requester needs to authenticate).

至少有两种方法可以使用户可以使用私有 S3对象，而全世界的用户都无法使用它们:

There are at least two ways that you can make private S3 objects available to your users without them being accessible to the entire world:

1. 使用对象的限时预签名URL(请参阅本文)
2. 代理会自行下载对象，以便对对象的所有请求都发送到您的应用服务器，因此可以限制为通过身份验证的会话.

这篇关于AWS S3公共对象还是私有对象?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！