我正在尝试将对 Amazon S3 存储桶中的对象(媒体文件)的访问限制为特定的推荐域,privatewebsite.com ,使用存储桶策略,但无论引用的域如何,都会拒绝访问。
我对阻止公共(public)访问有以下设置
Block public access to buckets and objects granted through new access control lists (ACLs) - On
Block public access to buckets and objects granted through any access control lists (ACLs) - On
Block public access to buckets and objects granted through new public bucket policies - Off
Block public and cross-account access to buckets and objects through any public bucket policies - Off
我添加了以下代码、带有和不带有 http://和 https://的 URL,但仍然被拒绝访问。 (privatewebsite.com, https://privatewebsite.com, http://privatewebsite.com)
{
"Version": "2012-10-17",
"Id": "Policy8675309",
"Statement": [
{
"Sid": "Stmt8675309",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-media-bucket/*",
"Condition": {
"StringLike": {
"aws:Referer": "https://privatewebsite.com"
}
}
},
{
"Sid": "Explicit deny to ensure requests are allowed only from specific referer.",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::my-media-bucket/*",
"Condition": {
"StringNotLike": {
"aws:Referer": [
"https://privatewebsite.com/*",
"http://privatewebsite.com/*"
]
}
}
}
]
}
我希望此政策允许来自 privatewebsite.com 上的页面的任何请求,同时拒绝所有其他请求,但目前所有请求都被拒绝。
最佳答案
来自 Bucket Policy Examples - Restricting Access to a Specific HTTP Referrer :
{
"Version": "2012-10-17",
"Id": "http referer policy example",
"Statement": [
{
"Sid": "Allow get requests originating from www.example.com and example.com.",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::examplebucket/*",
"Condition": {
"StringLike": {
"aws:Referer": [
"http://www.example.com/*",
"http://example.com/*"
]
}
}
}
]
}
此方法仅授予
Allow访问给定的Referer。无需使用 Deny使用它的策略,因为默认情况下拒绝访问。因此,只有 Allow授予权限。
关于json - Amazon S3 存储桶策略只允许访问特定的 http,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56227723/