问题描述
我正在开发一个移动应用程序,它将允许任何人将文件上传到S3存储桶.我想我将使用Amazon提供的匿名令牌自动售货机.
I'm developing a mobile application which will let anyone upload a file to an S3 bucket. I think I'll use the Anonymous Token Vending Machine that is provided by Amazon.
但是,我看不到如何编写 TokenVendingMachinePolicy.json 文件,该文件仅允许上传新文件,而不能覆盖(有效删除).我认为只允许 s3:PutObject 会很好,但是看来 s3:PutObject 权限允许两者都允许.这似乎有点奇怪,因为有一个单独的 s3:DeleteObject 权限,这是无用的,因为您始终可以用0长度的对象覆盖.
However, I can't see how to write a TokenVendingMachinePolicy.json file that will only allow uploading new files, not overwriting (effectively deleting). I thought allowing just s3:PutObject would be fine, but it appears the s3:PutObject permission allows both. This seems a bit strange, since there's a separate s3:DeleteObject permission, which is useless, since you can just overwrite with 0-length object anyway.
有什么方法只能允许上传新文件吗?通常如何解决此问题?
Is there any way to only allow uploading new files? How is this problem usually solved?
推荐答案
很遗憾,它不可能具有一次写入权限.一种解决方法是在存储桶上使用版本控制.
Unfortunately it's not possible to have a write-once permission. A workaround would be to use versioning on your bucket.
有关类似问题的详细答案,请参见以下答案:
See this answer to a similar question that explains it in detail:
这篇关于Amazon S3策略仅允许上传而不会覆盖的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!