rig*_*gyt 6 ruby-on-rails amazon-s3 paperclip
我有一个回形针文本文件附件(在Rails中).
我的存储桶政策是:
{
"Version": "2008-10-17",
"Id": "Policy123",
"Statement": [
{
"Sid": "Stmt123",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::my_bucket/*"
}
]
}
我想限制访问这些操作只有在我的网站发出请求时才允许.只是将其更新为"Principal":{"AWS":"mywebsite.com"}?
您可以查看S3 Documentations中的一些示例
要限制从您的网站访问,您可以使用Referrer上的条件:
{
"Version":"2008-10-17",
"Id":"http referer policy example",
"Statement":[
{
"Sid":"Allow get requests referred by www.mysite.com and mysite.com",
"Effect":"Allow",
"Principal":"*",
"Action":"s3:GetObject",
"Resource":"arn:aws:s3:::example-bucket/*",
"Condition":{
"StringLike":{
"aws:Referer":[
" http://www.mysite.com/*",
" http://mysite.com/*"
]
}
}
}
]
}
小智 6
桶政策:
{
"Version": "2012-10-17",
"Id": "http referer policy example",
"Statement": [
{
"Sid": "Allow get requests originating from www.example.com and example.com.",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::00000000:user/example-user" // IAM User ARN
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket-example/*", // bucket ARN
"Condition": {
"StringLike": {
"aws:Referer": [
"http://example.com/*" // Website link
]
}
}
}
]
}
| 归档时间: |
|
| 查看次数: |
2147 次 |
| 最近记录: |