Amazon AWS 访问密钥的安全性如何? [英] How secure are Amazon AWS Access keys?

问题描述

我想为我的 s3 存储桶提供具有到期日期的预签名 URL..net sdk 很好地生成了这些 url，但看着它们让我有点担心:

I want to offer presigned urls to my s3 buckets with an expiry date. The .net sdk nicely generates these urls, but looking at them makes me worry a little:

https://s3.amazonaws.com/upload_youtipit/myfile?AWSAccessKeyId=**MYACCESSKEY**&Expires=1317924047&response-content-disposition=attachment;filename=feedback.jpg&response-content-type=image/jpeg&Signature=podKJSrNeFel6%2B0aOneb342H5GA%3D

为什么需要将我的(公共)AWSAccessKey 放在 Url 中?这不应该保密一点吗?我知道这不是秘密，但我仍然不愿意在公共场合公开它..

Why does it need to put my (public) AWSAccessKey in the Url? Shouldn't this be kept a bit more confidential? I know its not the secret, but I still don't feel comfortable exposing it in public..

拥有我的公钥的人猜测/暴力破解我的私钥的可能性有多大?

How likely is it that, somebody who has my public key, can guess/bruteforce my private key?

推荐答案

Access Key ID 不是秘密，不需要保护.

The Access Key ID is not a secret and does not need protecting.

事实上，如果您希望陌生人访问 S3 对象，您可以将过期的 URL 提供给随机的陌生人.他们可以看到该 URL 中的访问密钥，但不能对其进行任何未经您授权的操作.

In fact, you can give expiring URLs to random strangers if you want them to access an S3 object. They can see the access key in that URL, but can't do anything with it that you have not authorized.

参考:http://docs.amazonwebservices.com/AWSSecurityCredentials/1.0/关于AWSCredentials.html#AccessKeys

这篇关于Amazon AWS 访问密钥的安全性如何?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！