I am using a PHP library to upload a file to my bucket. I have set the ACL to public-read-write and it works fine but the file is still private.
我正在使用PHP库将文件上传到我的存储桶。我已将ACL设置为public-read-write,但它工作正常但该文件仍然是私有的。
I found that if I change the Grantee to Everyone it makes the file public. What I want to know is how do I make the default Grantee on all objects in my bucket to be set to "Everyone". Or is there another solution to make files public by default?
我发现,如果我将受赠人更改为Everyone,则会将该文件公开。我想知道的是如何将我桶中所有对象的默认Grantee设置为“Everyone”。或者是否存在另一种默认情况下公开文件的解决方案?
Code I am using is below:
我正在使用的代码如下:
public static function putObject($input, $bucket, $uri, $acl = self::ACL_PRIVATE, $metaHeaders = array(), $requestHeaders = array()) {
if ($input === false) return false;
$rest = new S3Request('PUT', $bucket, $uri);
if (is_string($input)) $input = array(
'data' => $input, 'size' => strlen($input),
'md5sum' => base64_encode(md5($input, true))
);
// Data
if (isset($input['fp']))
$rest->fp =& $input['fp'];
elseif (isset($input['file']))
$rest->fp = @fopen($input['file'], 'rb');
elseif (isset($input['data']))
$rest->data = $input['data'];
// Content-Length (required)
if (isset($input['size']) && $input['size'] >= 0)
$rest->size = $input['size'];
else {
if (isset($input['file']))
$rest->size = filesize($input['file']);
elseif (isset($input['data']))
$rest->size = strlen($input['data']);
}
// Custom request headers (Content-Type, Content-Disposition, Content-Encoding)
if (is_array($requestHeaders))
foreach ($requestHeaders as $h => $v) $rest->setHeader($h, $v);
elseif (is_string($requestHeaders)) // Support for legacy contentType parameter
$input['type'] = $requestHeaders;
// Content-Type
if (!isset($input['type'])) {
if (isset($requestHeaders['Content-Type']))
$input['type'] =& $requestHeaders['Content-Type'];
elseif (isset($input['file']))
$input['type'] = self::__getMimeType($input['file']);
else
$input['type'] = 'application/octet-stream';
}
// We need to post with Content-Length and Content-Type, MD5 is optional
if ($rest->size >= 0 && ($rest->fp !== false || $rest->data !== false)) {
$rest->setHeader('Content-Type', $input['type']);
if (isset($input['md5sum'])) $rest->setHeader('Content-MD5', $input['md5sum']);
$rest->setAmzHeader('x-amz-acl', $acl);
foreach ($metaHeaders as $h => $v) $rest->setAmzHeader('x-amz-meta-'.$h, $v);
$rest->getResponse();
} else
$rest->response->error = array('code' => 0, 'message' => 'Missing input parameters');
if ($rest->response->error === false && $rest->response->code !== 200)
$rest->response->error = array('code' => $rest->response->code, 'message' => 'Unexpected HTTP status');
if ($rest->response->error !== false) {
trigger_error(sprintf("S3::putObject(): [%s] %s", $rest->response->error['code'], $rest->response->error['message']), E_USER_WARNING);
return false;
}
return true;
}
2 个解决方案
#1
248
Go to http://awspolicygen.s3.amazonaws.com/policygen.html Fill in the details such as: In Action select "GetObject" Select "Add Statement" Then select "Generate Policy"
转到http://awspolicygen.s3.amazonaws.com/policygen.html填写详细信息,例如:在操作中选择“GetObject”选择“添加语句”然后选择“生成策略”
Copy the text example:
复制文本示例:
{
"Id": "Policy1397632521960",
"Statement": [
{
"Sid": "Stmt1397633323327",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucketnm/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}
Now go to your AWS S3 console, At the bucket level, click on Properties, Expand Permissions, then Select Add bucket policy. Paste the above generated code into the editor and hit save.
现在转到AWS S3控制台,在存储桶级别,单击“属性”,“展开权限”,然后选择“添加存储桶策略”。将上面生成的代码粘贴到编辑器中,然后点击保存。
All your items in the bucket will be public by default.
默认情况下,存储桶中的所有项目都将公开。
#2
108
If you want to make all objects public by default, the simplest way is to do it trough a Bucket Policy instead of Access Control Lists (ACLs) defined on each individual object.
如果要在默认情况下公开所有对象,最简单的方法是通过Bucket Policy而不是在每个单独对象上定义的访问控制列表(ACL)来实现。
You can use the AWS Policy Generator to generate a bucket policy for your bucket.
您可以使用AWS Policy Generator为您的存储桶生成存储桶策略。
For example, the following policy will allow anyone to read every object in your S3 bucket (just replace <bucket-name>
with the name of your bucket):
例如,以下策略将允许任何人读取S3存储桶中的每个对象(只需将
{
"Id": "Policy1380877762691",
"Statement": [
{
"Sid": "Stmt1380877761162",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::<bucket-name>/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}
The Bucket Policy contains a list of Statements
and each statement has an Effect
(either Allow
or Deny
) for a list of Actions
that are performed by Principal
(the user) on the specified Resource
(identified by an Amazon Resource Name
or ARN
).
Bucket Policy包含一个Statements列表,每个语句对Principal(用户)对指定Resource(由Amazon资源名称或ARN标识)执行的Actions列表有效(Allow或Deny)。
The Id
is just an optional policy id and the Sid
is an optional unique statement id.
Id只是一个可选的策略ID,Sid是一个可选的唯一语句ID。
For S3 Bucket Policies, the Resource ARNs take the form:
对于S3存储桶策略,资源ARN采用以下形式:
arn:aws:s3:::<bucket_name>/<key_name>
The above example allows (Effect: Allow
) anyone (Principal: *
) to access (Action: s3:GetObject
) any object in the bucket (Resource: arn:aws:s3:::<bucket-name>/*
).
上面的例子允许(Effect:允许)任何人(Principal:*)访问(Action:s3:GetObject)桶中的任何对象(资源:arn:aws:s3 :::
#1
248
Go to http://awspolicygen.s3.amazonaws.com/policygen.html Fill in the details such as: In Action select "GetObject" Select "Add Statement" Then select "Generate Policy"
转到http://awspolicygen.s3.amazonaws.com/policygen.html填写详细信息,例如:在操作中选择“GetObject”选择“添加语句”然后选择“生成策略”
Copy the text example:
复制文本示例:
{
"Id": "Policy1397632521960",
"Statement": [
{
"Sid": "Stmt1397633323327",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucketnm/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}
Now go to your AWS S3 console, At the bucket level, click on Properties, Expand Permissions, then Select Add bucket policy. Paste the above generated code into the editor and hit save.
现在转到AWS S3控制台,在存储桶级别,单击“属性”,“展开权限”,然后选择“添加存储桶策略”。将上面生成的代码粘贴到编辑器中,然后点击保存。
All your items in the bucket will be public by default.
默认情况下,存储桶中的所有项目都将公开。
#2
108
If you want to make all objects public by default, the simplest way is to do it trough a Bucket Policy instead of Access Control Lists (ACLs) defined on each individual object.
如果要在默认情况下公开所有对象,最简单的方法是通过Bucket Policy而不是在每个单独对象上定义的访问控制列表(ACL)来实现。
You can use the AWS Policy Generator to generate a bucket policy for your bucket.
您可以使用AWS Policy Generator为您的存储桶生成存储桶策略。
For example, the following policy will allow anyone to read every object in your S3 bucket (just replace <bucket-name>
with the name of your bucket):
例如,以下策略将允许任何人读取S3存储桶中的每个对象(只需将
{
"Id": "Policy1380877762691",
"Statement": [
{
"Sid": "Stmt1380877761162",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::<bucket-name>/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}
The Bucket Policy contains a list of Statements
and each statement has an Effect
(either Allow
or Deny
) for a list of Actions
that are performed by Principal
(the user) on the specified Resource
(identified by an Amazon Resource Name
or ARN
).
Bucket Policy包含一个Statements列表,每个语句对Principal(用户)对指定Resource(由Amazon资源名称或ARN标识)执行的Actions列表有效(Allow或Deny)。
The Id
is just an optional policy id and the Sid
is an optional unique statement id.
Id只是一个可选的策略ID,Sid是一个可选的唯一语句ID。
For S3 Bucket Policies, the Resource ARNs take the form:
对于S3存储桶策略,资源ARN采用以下形式:
arn:aws:s3:::<bucket_name>/<key_name>
The above example allows (Effect: Allow
) anyone (Principal: *
) to access (Action: s3:GetObject
) any object in the bucket (Resource: arn:aws:s3:::<bucket-name>/*
).
上面的例子允许(Effect:允许)任何人(Principal:*)访问(Action:s3:GetObject)桶中的任何对象(资源:arn:aws:s3 :::