发表新帖
发表新帖

AWS S3 bucket policy - how to allow access only from my website?

后端 未结
关注
2 534
醉酒成梦
醉酒成梦 2021-01-05 03:36

I have a paperclip text file attachment (in Rails).

My bucket policy is:

{
    \"Version\": \"2008-10-17\",
    \"Id\": \"Policy123\",
    \"Statemen
相关标签:
2条回答
  • 予麋鹿
    2021-01-05 04:12

    Bucket policy :

    {
    "Version": "2012-10-17",
    "Id": "http referer policy example",
    "Statement": [
        {
            "Sid": "Allow get requests originating from www.example.com and example.com.",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::00000000:user/example-user" // IAM User ARN
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket-example/*", // bucket ARN
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "http://example.com/*" // Website link
                    ]
                }
            }
        }
    ]
}
    0 讨论(0)
  • 说谎
    2021-01-05 04:17

    You can check some examples in S3 Documentations

    To restrict the access from your web site, you can use the condition on Referrer:

    {
  "Version":"2008-10-17",
  "Id":"http referer policy example",
  "Statement":[
    {
      "Sid":"Allow get requests referred by www.mysite.com and mysite.com",
      "Effect":"Allow",
      "Principal":"*",
      "Action":"s3:GetObject",
      "Resource":"arn:aws:s3:::example-bucket/*",
      "Condition":{
        "StringLike":{
          "aws:Referer":[
            " http://www.mysite.com/*",
            " http://mysite.com/*"
          ]
        }
      }
    }
  ]
}
    0 讨论(0)
 看不清?
提交回复
热议问题