问题描述

我正在寻找一种策略组合，以仅使用特定令牌/符号字符串访问S3存储桶中的静态网站.我的意思是，是否有可能使静态网站默认情况下不是所有人都可读的，而是可以使用http://mybucket.s3-website-location.amazonaws.com/myfolder/index.html?sign=XXXXX之类的临时网站来访问的?通过此调用，您还应该可以访问"myfolder"文件夹中的所有树.

I'm looking for a combination of policies to access a static website in a S3 bucket only with a certain token/sign string.I mean, is it possibile to make the static website not readable by everyone by default but temporary accessible with something like http://mybucket.s3-website-location.amazonaws.com/myfolder/index.html?sign=XXXXX?With this call you should also have access to all the tree in the "myfolder" folder.

推荐答案

您只能使用带到期时间的带签名的S3 URL一次对单个URL执行此操作.无法创建可以附加到一组URL中的任何签名的签名，这些签名将使它们全部与签名一起使用，但没有签名就无法使用.

You can only do this for a single URL at a time, using a signed S3 URL with an expiration time. There is no way to create a signature that can be appended to any of a group of URLs that will make them all work with the signature, but not work without it.

对不起.

但是，使用实际的网站作为前端相当容易.您必须对网站进行编码，才能将每个请求重定向到特定于该对象的已签名URL.为此，您需要一个EC2实例来运行您编写的代码.但是到目前为止，S3还没有办法独自完成所有操作.

However, this is fairly easy to do with an actual website as a front end. You'd have to code the website to redirect every request to a signed URL specific to that object. To do that, you'd need an EC2 instance that runs the code you write. But as of now, S3 doesn't have a way to do this all by itself.

这篇关于Amazon S3保护静态网站的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！