AWS: Where do I see a list of origin access identities?
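When I created a CloudFront distribution, an origin access identity was created so that CloudFront could use it to access the S3 bucket. But where can I see it? I looked through the IAM links, but could not find a list of such access identities.

When you add an Origin Access Identity, it adds a policy to the S3 bucket. Check the following example policy from this documentation.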
    {
      "Version":"2012-10-17",
      "Id":"PolicyForCloudFrontPrivateContent",
      "Statement":[
        {
          "Sid":" Grant a CloudFront Origin Identity access to support private content",
          "Effect":"Allow",
          "Principal":{"CanonicalUser":"79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be"},
          "Action":"s3:GetObject",
          "Resource":"arn:aws:s3:::example-bucket/*"
        }
      ]
    }

You can create and edit origin access identities from the CloudFront console.
The format for specifying an origin access identity in the Principal statement is:

    "Principal": {"CanonicalUser": "Amazon S3 Canonical User ID"}

or

    "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity <ORIGIN_ACCESS_IDENTITY_ID>"}

For example:
    {
      "Version": "2012-10-17",
      "Id": "Policy1476619022955",
      "Statement": [
        {
          "Sid": "2",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity D3KJWPO38AQ6YV"
          },
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::static.example.com/*"
        }
      ]
    }
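See Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content.

An origin access identity is not an IAM user or role. You can view origin access identities in the following ways:
- Web console: click Origin Access Identity in the panel on the left side of the CloudFront dashboard
- CLI tool: run the following command

    aws cloudfront list-cloud-front-origin-access-identities --output json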
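
An added example, not part of the original answers: a Python check that cross-references a bucket policy against the JSON listing from the CLI command above, resolving both Principal formats to an OAI ID and reporting principals that match no listed identity. The sample listing and policy are constructed, and the function names are hypothetical.

```python
OAI_ARN_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "
CANONICAL = "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be"

# Constructed sample shaped like the output of
# `aws cloudfront list-cloud-front-origin-access-identities --output json`.
# Pairing this Id with this canonical user ID is an assumption for the demo.
SAMPLE_OAI_LIST = {"CloudFrontOriginAccessIdentityList": {"Quantity": 1, "Items": [
    {"Id": "D3KJWPO38AQ6YV", "S3CanonicalUserId": CANONICAL,
     "Comment": "constructed sample"}]}}

# Constructed bucket policy: both Principal formats, plus one unlisted OAI ID.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "1", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": {"CanonicalUser": CANONICAL},
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "2", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": {"AWS": OAI_ARN_PREFIX + "D3KJWPO38AQ6YV"},
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "3", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": {"AWS": OAI_ARN_PREFIX + "EXAMPLEUNKNOWN1"},
     "Resource": "arn:aws:s3:::example-bucket/*"}]}

def _as_list(value):
    # Policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]

def oai_principals(policy):
    """Yield (sid, kind, value) for CanonicalUser and OAI-ARN principals in Allow statements."""
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue  # e.g. "Principal": "*" is a plain string, not an OAI grant
        for canonical in _as_list(principal.get("CanonicalUser", [])):
            yield stmt.get("Sid"), "canonical", canonical
        for arn in _as_list(principal.get("AWS", [])):
            if arn.startswith(OAI_ARN_PREFIX):
                yield stmt.get("Sid"), "oai_id", arn[len(OAI_ARN_PREFIX):]

def resolve(policy, oai_list):
    """Return [(sid, principal_value, matching OAI Id or None)] for each grant."""
    items = oai_list["CloudFrontOriginAccessIdentityList"].get("Items", [])
    by_id = {i["Id"]: i["Id"] for i in items}
    by_canonical = {i["S3CanonicalUserId"]: i["Id"] for i in items}
    return [(sid, value, (by_id if kind == "oai_id" else by_canonical).get(value))
            for sid, kind, value in oai_principals(policy)]

if __name__ == "__main__":
    for sid, value, oai_id in resolve(SAMPLE_POLICY, SAMPLE_OAI_LIST):
        print(sid, value, oai_id or "NOT IN OAI LIST")
```

A `None` result means the policy grants access to a principal that is not among the account's listed origin access identities, which is worth reviewing.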