授予访问AWS S3桶/文件夹,用户无需AWS帐号 [英] Grant access to AWS S3 bucket/folder to users without AWS account
问题描述
我想打一个视频点播服务中使用AWS S3,我想我的每一个客户,以限制自己的桶/文件夹(其中一个方案是最好的。)。 我希望有一个客户端只能访问自己的桶/文件夹,但这些人是不会有一个AWS账户。
I want to make a Video On Demand service using AWS S3 , and I would like to restrict each of my clients to his own bucket/folder (which one schema is best..) . I want a client to have access only to his bucket/folder, but these people are not going to have an AWS account.
我看完了,还在读书,对IAM用户,角色和策略,但我还没有发现的东西指着我想要实现。
I read ,and still reading, about IAM users,roles and policies but I have not found something pointing to what I want to achieve.
推荐答案
如果你知道IP地址(或CIDR块),每一个客户,就可以限制你的水桶与策略。
If you know the IP address (or CIDR blocks) of each client, you can then restrict your bucket with a policy.
<一个href="http://blogs.aws.amazon.com/security/post/TxPOJBY6FE360K/IAM-policies-and-Bucket-Policies-and-ACLs-Oh-My-Controlling-Access-to-S3-Resourc" rel="nofollow">http://blogs.aws.amazon.com/security/post/TxPOJBY6FE360K/IAM-policies-and-Bucket-Policies-and-ACLs-Oh-My-Controlling-Access-to-S3-Resourc
HTTP://docs.aws.amazon。 COM / AmazonS3 /最新的/ dev /例如桶,policies.html
另外,你可以只设立IAM占他们在自己的帐户,和范围及其相应的访问权限。这将让他们用很有限的AWS控制台的形式。你甚至可以写你的IAM策略,以便用户自动访问是这样的:
Alternatively, you could just set up IAM accounts for them within your own account, and scope their access accordingly. That would let them use a very limited form of the AWS Console. You can even write your IAM policies so that users automatically have access to something like:
s3://your-bucket/%username%/
这篇关于授予访问AWS S3桶/文件夹,用户无需AWS帐号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!