问题描述

我试图让Cloudflare作为S3上托管的文件的CDN，其方式是没有人可以直接访问文件。例如：

I am trying to have Cloudflare to act as CDN for files hosted on S3, in a way that nobody can access the files directly. For example:

S3存储桶： c> $

I have tried changing the AllowedOrigin with *.mydomain.com, but no luck.

推荐答案

我找到了解决方案。

You have to edit the bucket policy, not the CORS. And instead of allowing your domain, like that article says, to have access to the bucket, you have to allow CloudFlare IP's. For the reference, here is the list of IP's: https://www.cloudflare.com/ips

以下是使用CloudFlare的存储桶策略示例：

Here is the bucket policy sample to work with CloudFlare:

    {
        "Sid": "SOME_STRING_ID_HERE",
        "Effect": "Allow", // or deny
        "Principal": {"AWS": "*"}, // or whatever principal you want
        "Action": "s3:GetObject", // or whatever action you want
        "Resource": "arn:aws:s3:::cdn.mydomain.com/*", // or whatever resource you want
        "Condition": {
            "IpAddress": {
                "aws:SourceIp": [
                    "103.21.244.0/22",
                    "103.22.200.0/22",
                    "103.31.4.0/22",
                    "104.16.0.0/12",
                    "108.162.192.0/18",
                    "131.0.72.0/22",
                    "141.101.64.0/18",
                    "162.158.0.0/15",
                    "172.64.0.0/13",
                    "173.245.48.0/20",
                    "188.114.96.0/20",
                    "190.93.240.0/20",
                    "197.234.240.0/22",
                    "198.41.128.0/17",
                    "199.27.128.0/21"
                ]
            }
        }
    }

这篇关于S3与Cloudflare不允许直接访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！