Adding appropriate permissions to an AWS S3 bucket to allow SEO

Time: 2021-01-26 10:47:37

I'm trying to verify my site for SEO purposes with Google using https://www.google.com/webmasters/tools/home?hl=en. I am using AWS S3 to host my content, and AWS Cloudfront to serve it through the CDN. I'm following this checklist: http://www.wikihow.com/Get-Your-Website-Indexed-by-Google and am on Step 4.

The steps Google lists to verify are:

  1. Download this HTML verification file. [googlelongstringofcharacters.html]
  2. Upload the file to https://www.dynamicdentaledu.com/
  3. Confirm successful upload by visiting https://www.dynamicdentaledu.com/googlelongstringofcharacters.html in your browser.
  4. Click Verify below. To stay verified, don't remove the HTML file, even after verification succeeds.

I've added the HTML file to my site's root. When I click confirm in step 3, I get:

So I skipped that and clicked the Verify button in step 4. Google says:

Verification failed for https://www.dynamicdentaledu.com/ using the HTML file method (less than a minute ago). We were unable to connect to your server.

I think this is due to the permissions and bucket policies I have on the S3 bucket. They are, respectively:

And

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AddPerm",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::dynamicdentaledu.com/*"
        }
    ]
}

How can I enable Google to access what it needs?


EDIT: following AWS's bucket policies, I changed the policy to:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AddPerm",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::dynamicdentaledu.com/*"
        }
    ]
}

Am now getting:

<Error>
<Code>NoSuchKey</Code>
<Message>The specified key does not exist.</Message>
<Key>google*longstringofcharacters*.html</Key>
<RequestId>42DD1F1F0D5E06F7</RequestId>
<HostId>
zbmsLAEMz3ed2zKx3gKCHjrtHxeWmaLl16JJs6012zFcLQdnMH48mFJY1YOETD3WMS/8NwkU3SY=
</HostId>
</Error>

1 solution

#1


1  

You have three issues.

  • CloudFront will return errors to the browser for 5 minutes after you fix the problem, by default. When the origin server returns an error, usually there is no reason for CloudFront to continually retry. In a case like this, you may want to reconfigure the Error Caching TTL for 403 and 404 errors to 0 seconds in CloudFront. See my answer to Amazon CloudFront Latency for further explanation of this.

  • You did not need to change your bucket policy. If your site was otherwise working and you uploaded this new object with the "make everything public" option selected (equivalent to setting x-amz-acl: public-read if using the API) then that should have been sufficient, though the 5 minute timer mentioned above could have complicated your troubleshooting process. Note also that in your bucket permissions, you are allowing Everyone to List the contents of your bucket. This is not actually causing the problem, here, but is a configuration that is potentially too permissive and needs to be mentioned. This option allows anyone to download a complete list of all your files, which seems like a bad idea in most cases.

  • You didn't upload the file with the correct name. <Code>NoSuchKey</Code> is never returned for any reason other than, simply enough, there is no object with this key (path/filename.ext) in the bucket. It cannot be caused by policy, permissions, ACL, etc. Check in the S3 console: the file is not named as you intended, or is not in the right place, at the root of the bucket. The long string of characters is not, as far as I am aware, a secret value -- only an obscure/unpredictable value -- so if the information here doesn't help you resolve this, showing a screen shot of the console including this object and its properties should not pose any security issue for you. This may be necessary for further troubleshooting, should that be required.
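
An offline check for the over-permissive setting the answer flags, added here as an example (it is not code from the question or the answer): it separates the public object read a static site needs from public bucket listing and public write. The ACL grant list is a constructed sample, the function names are hypothetical, and the check is simplified: it ignores `Condition`, `NotAction`, `NotPrincipal` and `Deny` statements.

```python
from fnmatch import fnmatchcase

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

# Bucket policy from the question (edited form; the first form used {"AWS": "*"}).
POLICY = {
    "Version": "2008-10-17",
    "Statement": [{
        "Sid": "AddPerm", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::dynamicdentaledu.com/*",
    }],
}
# Constructed sample (GetBucketAcl shape) modelling the "Everyone: List" grant.
ACL_GRANTS = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_anonymous(principal):
    """True for both forms seen on the page: "*" and {"AWS": "*"}."""
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in _as_list(aws)


def audit(policy, acl_grants):
    """Return sorted findings for what anonymous callers are allowed to do."""
    findings = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            if fnmatchcase("s3:getobject", pattern.lower()):
                findings.add("policy: public object read")
            if fnmatchcase("s3:listbucket", pattern.lower()):
                findings.add("policy: public bucket listing")
    for grant in acl_grants:
        if grant.get("Grantee", {}).get("URI") != ALL_USERS:
            continue
        if grant.get("Permission") in ("READ", "FULL_CONTROL"):
            findings.add("acl: public bucket listing")
        if grant.get("Permission") in ("WRITE", "FULL_CONTROL"):
            findings.add("acl: public write")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(POLICY, ACL_GRANTS)))
```

Once public listing is removed, S3 answers an anonymous request for a missing key with 403 AccessDenied instead of 404 NoSuchKey, so confirm the key name before treating a 403 as a permissions fault.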
