Can I use signed and unsigned URLs on the same Cloudfront distribution?

tim*_*son 10 amazon-s3 amazon-web-services amazon-cloudfront

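The title more or less says it all. Judging from the fact that the "Restrict Viewer Access" section of the Cloudfront management console (image below) uses radio buttons, it appears to be an either/or situation.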

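Question: Is there some other way of setting up one's S3 buckets such that they can both be public (i.e. anyone can view) and contain private (i.e. signed URL) content?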

tim*_*son 8

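I can answer my own question. Yes, you can have both signed and unsigned URLs in the same Cloudfront distribution. In the example below, my distribution is called blahblah.cloudfront.com. The key is to specify two "origins": one for signed URLs and the other for unsigned URLs.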

->AWS Management Console->Cloudfront->Distribution settings of selected Distribution

->Origins: create both origins (e.g., pointing to 2 different S3 buckets)

->Behaviors: create "path patterns" for each origin such that Cloudfront can 
distinguish which origin the Cloudfront url points to. E.g., in my S3 bucket named 
"tim-UNsigned-bucket" I set the path pattern to `uploads/*`.  For my signed url bucket, 
I gave it the more general path pattern of `*` and prioritized it 2nd.
As you can see below, this means that my unsigned url includes the path, uploads/, 
whereas my signed does not.

Resulting Cloudfront URL structure:

  • Signed URL: https:// or http://blahblah.cloudfront.com/file1.jpg?Policy=asf...

  • Unsigned URL: https:// or http://blahblah.cloudfront.com/uploads/file2.jpg

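Note: Making any of these changes takes several minutes (5-15 minutes) to update. So do your best to get everything right the first time, otherwise even the smallest change could take you forever.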
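
Added example (not part of the original answer): a small Python model of how Cloudfront picks a cache behavior by precedence, useful for checking which request paths end up public and which fall through to the signed-URL behavior. The `restricted` flag, the name of the second bucket and the sample paths are assumptions made for illustration.

```python
import re

# Constructed model of the two behaviors from the answer, in precedence order.
# "restricted" stands for the console's "Restrict Viewer Access" setting.
BEHAVIORS = [
    {"pattern": "uploads/*", "origin": "tim-UNsigned-bucket", "restricted": False},
    {"pattern": "*", "origin": "signed-bucket (assumed name)", "restricted": True},
]


def _to_regex(pattern):
    # Cloudfront path patterns: * matches zero or more characters,
    # ? matches exactly one. The leading slash is optional and
    # matching is case-sensitive.
    body = re.escape(pattern.lstrip("/"))
    body = body.replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(r"\A" + body + r"\Z", re.DOTALL)


def match_behavior(path, behaviors=BEHAVIORS):
    """Return the first behavior (by precedence) whose pattern matches."""
    candidate = path.lstrip("/")
    for behavior in behaviors:
        if _to_regex(behavior["pattern"]).match(candidate):
            return behavior
    return None


def public_paths(paths, behaviors=BEHAVIORS):
    """List the paths that would be served without a signed URL."""
    result = []
    for path in paths:
        behavior = match_behavior(path, behaviors)
        if behavior is not None and not behavior["restricted"]:
            result.append(path)
    return result


if __name__ == "__main__":
    # Constructed sample paths.
    samples = ["/file1.jpg", "/uploads/file2.jpg", "/Uploads/file2.jpg",
               "/uploads/reports/q1.pdf"]
    for p in samples:
        b = match_behavior(p)
        mode = "signed URL required" if b["restricted"] else "PUBLIC"
        print(f"{p:28} -> {b['origin']:30} {mode}")
```

Everything under `uploads/` is public, including nested keys, so objects meant to stay private must never be written to that prefix of the distribution.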