AWS Bucket Policy,用于限制对存储区的公共访问,但允许引用域

Question

我有以下Bucket Policy:

{
"Version": "2008-10-17",
"Id": "MyDomainpremiumflvfiles",
"Statement": [
    {
        "Sid": "Allow get requests to specific referrers",
        "Effect": "Allow",
        "Principal": {
            "AWS": "*"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::premiumflvfiles/*",
        "Condition": {
            "StringLike": {
                "aws:Referer": [
                    "http://mydomain.com/*",
                    "http://www.mydomain.com/*"
                ]
            }
        }
    },
    {
        "Sid": "Allow CloudFront get requests",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::123456789:root"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::premiumflvfiles/*"
    }
]
}

其中123456789已替换为我的正确客户ID,并且mydomain已替换为正确的域.

我已经取消了公共访问权限,但是当我这样做时,我无法访问引用域中的文件.我确定我错过了一些明显的东西,但我无法理解.

谢谢你的帮助.

Answer 1

这将帮助您生成有效的策略AWS 策略生成器