用于将照片匿名上传到存储桶的 Amazon S3 存储桶策略 [英] Amazon S3 bucket policy for anonymously uploading photos to a bucket

问题描述

我计划使用 Amazon S3 让用户从 iPhone 上传照片，然后让它们公开可见.

I am planning on using Amazon S3 to let users upload photos from an iPhone and then let them be publicly viewable.

我在理解如何在存储桶策略中设置这些安全约束时遇到了一些问题:

I am having some trouble understanding how to set up these security constraints in the bucket policy:

• 每个人都可以阅读每个文件.
• 每个人都可以上传最大为 256K 的新文件.
• 没有人可以删除任何文件.
• 没有人可以修改任何文件.

推荐答案

好的，我最终解决了.唯一的问题是您不能为添加文件和更新文件设置不同的权限.它们都被 s3:PutObject 覆盖.此外，似乎不可能限制文件大小.

Ok I sort of worked it out in the end. The only thing is that you can't set different permissions on adding files and updating files. They are all covered by s3:PutObject. Also, it doesn't seem possible to restrict file size.

{
    "Version": "2008-10-17",
    "Id": "policy",
    "Statement": [
        {
            "Sid": "allow-public-read",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket/*"
        },
    {
            "Sid": "allow-public-put",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::bucket/*"
        }
  ]
}

这篇关于用于将照片匿名上传到存储桶的 Amazon S3 存储桶策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！