访问公共AWS S3桶 [英] Access a public AWS s3 bucket

问题描述

一群美国朋友在做一个项目的map-reduce和工作在一个共同的数据集。我的朋友上传了使用他的AWS账户上的S3存储数据，并设置S3斗政策，这样的：

A group of us friends are doing a project in map-reduce and are working on a common data set. My friend has uploaded the data on an s3 bucket using his AWS account and has set the s3 bucket policy to this:

{
    "Version": "2008-10-17",
    "Id": "Policy1417380373111",
    "Statement": [
        {
            "Sid": "Stmt1417380310953",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<bucket-name>/*"
        },
        {
            "Sid": "Stmt1417380367754",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::<bucket-name>/*"
        }
    ]
}

注：在上面的策略被设定为铲斗的名称

Note: The in the above policy is set to the name of the bucket.

现在我该怎么安装这个公共铲斗S3水桶在我的AWS一个帐户？

Now how can I mount this public bucket as one of s3 buckets in my aws account?

推荐答案

显示会允许任何人上传的桶政策（ PutObject ）和下载（ GetObject的）从指定的Amazon S3的桶中。

The bucket policy displayed will permit anyone to Upload (PutObject) and Download (GetObject) from the indicated Amazon S3 bucket.

然而，将不会允许桶中，这是最有可能需要为地图-降低运营列表。所以，我也建议授予的水桶本身 ListBucket 权限：

However, it will not allow listing of the bucket, which is most likely required for your map-reduce operations. So, I would also recommend granting ListBucket permissions on the bucket itself:

{
  "Id": "SomeID",
  "Statement": [
    {
      "Sid": "SomeID",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::<bucket-name>",
        "arn:aws:s3:::<bucket-name>/*"
      ],
      "Principal": {
        "AWS": [
          "123456789012"
        ]
      }
    }
  ]
}

另外，不建议授予公共访问你的水桶。相反，你的朋友应该输入您的帐号在主要字段，这样就可以访问数据，但没有人可以访问它。

Also, it is not recommended to grant public access to your bucket. Instead, your friend should enter your Account Number in the Principal field, so that you can access the data but nobody else can access it.

这一切都将让你的水桶访问，但它不会出现在您的Amazon S3管理控制台，也不能摩的斗到自己的帐户。但是，您将能够列出，获取和Put对象。

All of this will make your bucket accessible, but it will not appear in your Amazon S3 management console, nor can you "mount" the bucket to your own account. However, you will be able to List, Get and Put objects.

您可以使用AWS命令行界面（CLI）进行测试。尝试列出共享桶的内容，或将文件复制到它：

You can test this with the AWS Command Line Interface (CLI). Try listing the contents of the shared bucket, or copy a file to it:

$ aws s3 ls s3://<bucket-name>
$ aws s3 cp file.txt s3://<bucket-name>/file.txt

这篇关于访问公共AWS S3桶的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！