How do I set a bucket's ACL on S3?

Time: 2022-04-30 10:45:00

I tried a couple of things: S3Browse, the RightAws Ruby gem and other tools. All allow granting access on an individual key basis, but I wasn't able to set the ACL on buckets. Actually, I set the ACL on the bucket, no errors are returned. But when I refresh or check in another tool, the bucket's ACL is reset to owner only.


I want to give read and write access to FlixCloud for an application I'm developing. They need the access to write the output files.


3 solutions

#1


1  

Yup, just checked it again after 10 min. ACL remains as configured. I guess this is something at your end then. Try different account/workstation.


#2


11  

I was struggling with the ACL vs. Bucket Policy and found the following useful.


ACL


The ACL defines the permissions attached to a single file in your bucket. The Bucket Policy is a script that explains the permissions for any folder or file in a bucket. Use the bucket policies to restrict hot linking, grant or deny access to specific or all files, restrict IP address, etc.


Edit the S3 Bucket Policy


Log into Amazon Web Services, click to S3 and click on the bucket name in the left column. View the bucket Properties panel at the bottom of the page. Click the button on the lower right corner that says "Edit bucket policy". This brings up a lightbox that you can paste the policy script into. If the script fails validation it will not save.


Sample Policy that enabled read access to everyone (useful if the bucket is being used as a content delivery network)


{
     "Version": "2008-10-17",
     "Id": "",
     "Statement": [
          {
               "Sid": "AddPerm",
               "Effect": "Allow",
               "Principal": {
                    "AWS": "*"
               },
               "Action": "s3:GetObject",
               "Resource": "arn:aws:s3:::my_bucket_name/*"
          }
     ]
}

Sample policy to prevent unauthorized hotlinking (third party sites linking to it) but allow anybody to download the files:


{
    "Version": "2008-10-17",
    "Id": "preventHotLinking",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your.bucket.name/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "http://yourwebsitename.com/*",
                        "http://www.yourwebsitename.com/*"
                    ]
                }
            }
        }
    ]
}

Generate a Policy


http://awspolicygen.s3.amazonaws.com/policygen.html


Sample Bucket Policies


http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?AccessPolicyLanguage_UseCases_s3_a.html
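
An added example, not part of the answer above: a small audit that reads a bucket policy and reports every Allow statement open to any principal, which is what both sample policies grant. The function names and risk labels are this example's own; the two inline policies are the answer's samples in compact form.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    # "*" and {"AWS": "*"} both match any caller, including anonymous ones.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def audit_policy(policy_text):
    """Return one finding per Allow statement whose Principal is a wildcard."""
    findings = []
    for stmt in _as_list(json.loads(policy_text).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        cond_keys = sorted({key.lower()
                            for op in stmt.get("Condition", {}).values() for key in op})
        if not cond_keys:
            risk = "public"
        elif cond_keys == ["aws:referer"]:
            # The Referer header is supplied by the client, so it deters
            # hotlinking but does not authenticate the requester.
            risk = "public-referer-only"
        else:
            risk = "public-conditional"
        findings.append({"sid": stmt.get("Sid", ""), "risk": risk,
                         "actions": _as_list(stmt.get("Action", [])),
                         "resources": _as_list(stmt.get("Resource", []))})
    return findings

# The two sample policies from the answer, in compact form.
OPEN_READ = '''{"Version":"2008-10-17","Id":"","Statement":[{"Sid":"AddPerm","Effect":"Allow",
 "Principal":{"AWS":"*"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::my_bucket_name/*"}]}'''
REFERER_READ = '''{"Version":"2008-10-17","Id":"preventHotLinking","Statement":[{"Sid":"1",
 "Effect":"Allow","Principal":{"AWS":"*"},"Action":"s3:GetObject",
 "Resource":"arn:aws:s3:::your.bucket.name/*","Condition":{"StringLike":{"aws:Referer":
 ["http://yourwebsitename.com/*","http://www.yourwebsitename.com/*"]}}}]}'''

if __name__ == "__main__":
    for name, text in (("open read", OPEN_READ), ("referer", REFERER_READ)):
        for f in audit_policy(text):
            print(name, f["sid"], f["risk"], f["actions"], f["resources"])
```
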


#3


1  

I have just double checked that for you - S3fm was able to change the ACL successfully. I used their email s3@flixcloud.com as userid. You can see the user in the list afterwards as flixclouds3.
