问题描述
我服务使用亚马逊S3存储一个静态的网站。我知道,我可以限制读取访问某些文件夹(真钥匙,因为S3没有文件夹),但我真的很想做的是通过文件扩展名限制访问。
I'm serving a static website using an Amazon S3 bucket. I know that I can limit read access to certain "folders" (really keys, since S3 doesn't have folders) but what I'd really like to do is limit access by file extension.
换句话说,我想说的是给读访问每个人在这个桶的任何文件,只要该文件HTM / CSS / JS / PNG结束;这可能吗?
In other words, I want to say "give read access to everyone for any file in this bucket, as long as that file ends in htm/css/js/png"; is that possible?
(顺便说一句,我担心的是,我会不小心上传git的文件,或类似的,我不希望展现给世界的东西;从被显示设置安全策略,以prevent此类文件似乎不是信任自己,永远不小心上传了错误的文件)更安全。
(As an aside, my concern is that I will accidentally upload a .git file, or something similar that I don't want to show to the world; setting a security policy to prevent such files from being shown seems safer than trusting myself to never accidentally upload the wrong file).
推荐答案
是的,这是可能的。你可以写一个桶政策。您可以使用常规的EX pressions定义哪些对象受您的策略(examples).
Yes, it's possible. You can write a Bucket Policy. You can use regular expressions to define which objects are affected by your policy (examples).
您政策将类似于:
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "auniqueid",
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket/*.jpg"
}
]
}
这将拒绝访问所有 JPG
的buket的文件斗
。
This will deny access to all jpg
files of the buket bucket
.
这篇关于如何限制在S3文件基于其扩展名?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!