Amazon S3访问控制-谁可以上传文件?
Amazon S3 access control-Who can upload files?
我有一个使用 Amazon S3 创建的静态网站。我设置的唯一权限是通过亚马逊教程中提供的存储桶策略:
{
"Version":"2012-10-17",
"Statement": [{
"Sid": "Allow Public Access to All Objects",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example.com/*"
}
]
}
显然,此策略使 public 能够查看存储在我存储桶中的任何文件,这是我想要的。我的问题是,仅此一项政策是否足以防止其他人上传文件 and/or 劫持我的网站?我希望 public 能够访问存储桶中的任何文件,但我想成为唯一具有列表、上传和删除权限的人。考虑到我的存储桶策略仅涉及查看权限,这是我存储桶的当前行为吗?
来自该文档:
When a request is made, the AWS service decides whether a given
request should be allowed or denied. The evaluation logic follows
these rules:
By default, all requests are denied. (In general, requests made using
the account credentials for resources in the account are always
allowed.)
An explicit allow overrides this default.
An explicit deny overrides any allows.
因此,只要您不明确允许其他访问,就应该没问题。我有一个托管在 S3 上的静态站点,并且我有相同的访问策略。
我有一个使用 Amazon S3 创建的静态网站。我设置的唯一权限是通过亚马逊教程中提供的存储桶策略:
{
"Version":"2012-10-17",
"Statement": [{
"Sid": "Allow Public Access to All Objects",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example.com/*"
}
]
}
显然,此策略使 public 能够查看存储在我存储桶中的任何文件,这是我想要的。我的问题是,仅此一项政策是否足以防止其他人上传文件 and/or 劫持我的网站?我希望 public 能够访问存储桶中的任何文件,但我想成为唯一具有列表、上传和删除权限的人。考虑到我的存储桶策略仅涉及查看权限,这是我存储桶的当前行为吗?
来自该文档:
When a request is made, the AWS service decides whether a given request should be allowed or denied. The evaluation logic follows these rules:
By default, all requests are denied. (In general, requests made using the account credentials for resources in the account are always allowed.)
An explicit allow overrides this default.
An explicit deny overrides any allows.
因此,只要您不明确允许其他访问,就应该没问题。我有一个托管在 S3 上的静态站点,并且我有相同的访问策略。