设置 AWS S3 存储桶权限
Setting up AWS S3 bucket permissions
我有一个 s3 存储桶(例如 mybucket),目前权限设置如下:
Block all public access
On
|
|_Block public access to buckets and objects granted through new access control lists (ACLs)
| On
|
|_Block public access to buckets and objects granted through any access control lists (ACLs)
| On
|
|_Block public access to buckets and objects granted through new public bucket or access point policies
| On
|
|_Block public and cross-account access to buckets and objects through any public bucket or access point policies
On
在这个桶里我有两个文件夹:
images (e.g. https://mybucket.s3.us-west-2.amazonaws.com/images/puppy.jpg)
private (e.g. https://mybucket.s3.us-west-2.amazonaws.com/private/mydoc.doc)
我希望图像文件夹可以公开访问,以便我可以在我的网站上显示图像
我希望私人文件夹受到限制,只能使用 IAM 帐户以编程方式访问
如何设置这些权限?我试过关闭上述权限,我也点击了图片
并根据操作,单击 'make public'。然后我尝试上传以下内容:
$image = Image::make($file->getRealPath())->resize(360, 180);
Storage::disk('s3')->put($filePath, $image->stream());
文件已上传,但当我尝试按如下方式显示图像时出现 403 错误:
<img src="{{ Storage::disk('s3')->url($file->path) }}" />
要下载私人文档,我有以下内容:
$response = [
'Content-Type' => $file->mime_type,
'Content-Length' => $file->size,
'Content-Description' => 'File Transfer',
'Content-Disposition' => "attachment; filename={$file->name}",
'Content-Transfer-Encoding' => 'binary',
];
return Response::make(Storage::disk('s3')->get($file->path), 200, $response);
设置这些权限的正确方法是什么?
在有人开始大喊我是 S3 存储的新手之前,请多多包涵。
如有任何帮助和指导,我们将不胜感激。
Amazon S3 阻止 Public 访问是一种存储桶级别的配置,它将阻止您在该存储桶中创建任何对象 public。所以,如果你想制作一个或多个对象 public,例如images/*,那么您需要为此存储桶禁用 S3 Block Public Access。
当然,就其本身而言,它不会构成您的任何物品 public。默认情况下,S3 存储桶是私有的。要在 images/ public 中创建对象,您需要配置 S3 存储桶策略,例如:
{
"Id": "id101",
"Statement": [
{
"Sid": "publicimages",
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": "arn:aws:s3:::mybucket/images/*",
"Principal": "*"
}
]
}
我有一个 s3 存储桶(例如 mybucket),目前权限设置如下:
Block all public access
On
|
|_Block public access to buckets and objects granted through new access control lists (ACLs)
| On
|
|_Block public access to buckets and objects granted through any access control lists (ACLs)
| On
|
|_Block public access to buckets and objects granted through new public bucket or access point policies
| On
|
|_Block public and cross-account access to buckets and objects through any public bucket or access point policies
On
在这个桶里我有两个文件夹:
images (e.g. https://mybucket.s3.us-west-2.amazonaws.com/images/puppy.jpg)
private (e.g. https://mybucket.s3.us-west-2.amazonaws.com/private/mydoc.doc)
我希望图像文件夹可以公开访问,以便我可以在我的网站上显示图像
我希望私人文件夹受到限制,只能使用 IAM 帐户以编程方式访问
如何设置这些权限?我试过关闭上述权限,我也点击了图片 并根据操作,单击 'make public'。然后我尝试上传以下内容:
$image = Image::make($file->getRealPath())->resize(360, 180);
Storage::disk('s3')->put($filePath, $image->stream());
文件已上传,但当我尝试按如下方式显示图像时出现 403 错误:
<img src="{{ Storage::disk('s3')->url($file->path) }}" />
要下载私人文档,我有以下内容:
$response = [
'Content-Type' => $file->mime_type,
'Content-Length' => $file->size,
'Content-Description' => 'File Transfer',
'Content-Disposition' => "attachment; filename={$file->name}",
'Content-Transfer-Encoding' => 'binary',
];
return Response::make(Storage::disk('s3')->get($file->path), 200, $response);
设置这些权限的正确方法是什么?
在有人开始大喊我是 S3 存储的新手之前,请多多包涵。
如有任何帮助和指导,我们将不胜感激。
Amazon S3 阻止 Public 访问是一种存储桶级别的配置,它将阻止您在该存储桶中创建任何对象 public。所以,如果你想制作一个或多个对象 public,例如images/*,那么您需要为此存储桶禁用 S3 Block Public Access。
当然,就其本身而言,它不会构成您的任何物品 public。默认情况下,S3 存储桶是私有的。要在 images/ public 中创建对象,您需要配置 S3 存储桶策略,例如:
{
"Id": "id101",
"Statement": [
{
"Sid": "publicimages",
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": "arn:aws:s3:::mybucket/images/*",
"Principal": "*"
}
]
}