授予访问AWS S3桶/文件夹，用户无需AWS帐号 [英] Grant access to AWS S3 bucket/folder to users without AWS account

问题描述

我想打一个视频点播服务中使用AWS S3，我想我的每一个客户，以限制自己的桶/文件夹（其中一个方案是最好的。）。 我希望有一个客户端只能访问自己的桶/文件夹，但这些人是不会有一个AWS账户。

I want to make a Video On Demand service using AWS S3 , and I would like to restrict each of my clients to his own bucket/folder (which one schema is best..) . I want a client to have access only to his bucket/folder, but these people are not going to have an AWS account.

我看完了，还在读书，对IAM用户，角色和策略，但我还没有发现的东西指着我想要实现。

I read ,and still reading, about IAM users,roles and policies but I have not found something pointing to what I want to achieve.

推荐答案

如果你知道IP地址（或CIDR块），每一个客户，就可以限制你的水桶与策略。

If you know the IP address (or CIDR blocks) of each client, you can then restrict your bucket with a policy.

<一个href="http://blogs.aws.amazon.com/security/post/TxPOJBY6FE360K/IAM-policies-and-Bucket-Policies-and-ACLs-Oh-My-Controlling-Access-to-S3-Resourc" rel="nofollow">http://blogs.aws.amazon.com/security/post/TxPOJBY6FE360K/IAM-policies-and-Bucket-Policies-and-ACLs-Oh-My-Controlling-Access-to-S3-Resourc

HTTP：//docs.aws.amazon。 COM / AmazonS3 /最新的/ dev /例如桶，policies.html

另外，你可以只设立IAM占他们在自己的帐户，和范围及其相应的访问权限。这将让他们用很有限的AWS控制台的形式。你甚至可以写你的IAM策略，以便用户自动访问是这样的：

Alternatively, you could just set up IAM accounts for them within your own account, and scope their access accordingly. That would let them use a very limited form of the AWS Console. You can even write your IAM policies so that users automatically have access to something like:

s3://your-bucket/%username%/

这篇关于授予访问AWS S3桶/文件夹，用户无需AWS帐号的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！