Not sure this is possible as I'm just getting started with Amazon S3.
我不确定这是否可行,因为我刚开始使用Amazon S3。
I have an application where users can upload images files to S3. I want these image files to only be accessible to application users, so if a user is logged in and requests an image, it will be displayed but when I'm trying to access the image by entering it's url directly, I'm not getting the image.
我有一个应用程序,用户可以将图像文件上传到S3。我希望这些图像文件只能供应用程序用户访问,因此如果用户登录并请求图像,它将会显示但是当我尝试通过直接输入图像来访问图像时,我没有得到图片。
I'm using this s3 Coldfusion handler, but I'm not sure how to set it up correctly regarding ACL, because only the uploading user will have access to a bucket and setting the ACL to public read will not block non-application users from accessing a file.
我正在使用这个s3 Coldfusion处理程序,但我不确定如何正确设置ACL,因为只有上传用户才能访问存储桶并将ACL设置为公共读取不会阻止非应用程序用户访问文件。
Question:
Is it possible to grant ACL on an application basis?
问题:是否可以在应用程序的基础上授予ACL?
1 个解决方案
#1
3
You can put buckets and objects which only allow access to the owner by passing an empty acl string. By owner i'm referering to the owning Amazon account, not the user in your application.
您可以通过传递空的acl字符串来放置仅允许访问所有者的存储桶和对象。通过所有者,我将引用拥有的亚马逊帐户,而不是您应用程序中的用户。
This example creates a single bucket then uploads an image into a sub folder.
此示例创建一个存储桶,然后将图像上载到子文件夹中。
<cfscript>
s3 = createobject("component", "s3").init(accessKeyId, secretAccessKey);
s3.putBucket("myapps-bucket", "");
s3.putObject(
bucketName="myapps-bucket",
fileKey="image.png",
contentType="image/png",
acl="",
keyName="user1234/image.png"
);
</cfscript>
To display the image to the user you must generate a signed link to the object othewrwise they will get an authorisation error from s3
要向用户显示图像,您必须生成对象的签名链接,否则他们将从s3获得授权错误
<!--- signed link valid for 30 mins --->
<cfset link = s3.getObject(bucket, "user1234/image.png", 30) />
<cfoutput>
<img src="#link#" />
</cfoutput>
Currently it is only possible to have 100 buckets per Amazon account, so i would recommend using a folder per user rather than separate buckets.
目前每个亚马逊帐户只能有100个存储桶,因此我建议每个用户使用一个文件夹而不是单独的存储桶。
#1
3
You can put buckets and objects which only allow access to the owner by passing an empty acl string. By owner i'm referering to the owning Amazon account, not the user in your application.
您可以通过传递空的acl字符串来放置仅允许访问所有者的存储桶和对象。通过所有者,我将引用拥有的亚马逊帐户,而不是您应用程序中的用户。
This example creates a single bucket then uploads an image into a sub folder.
此示例创建一个存储桶,然后将图像上载到子文件夹中。
<cfscript>
s3 = createobject("component", "s3").init(accessKeyId, secretAccessKey);
s3.putBucket("myapps-bucket", "");
s3.putObject(
bucketName="myapps-bucket",
fileKey="image.png",
contentType="image/png",
acl="",
keyName="user1234/image.png"
);
</cfscript>
To display the image to the user you must generate a signed link to the object othewrwise they will get an authorisation error from s3
要向用户显示图像,您必须生成对象的签名链接,否则他们将从s3获得授权错误
<!--- signed link valid for 30 mins --->
<cfset link = s3.getObject(bucket, "user1234/image.png", 30) />
<cfoutput>
<img src="#link#" />
</cfoutput>
Currently it is only possible to have 100 buckets per Amazon account, so i would recommend using a folder per user rather than separate buckets.
目前每个亚马逊帐户只能有100个存储桶,因此我建议每个用户使用一个文件夹而不是单独的存储桶。