Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/amazon-s3/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services AWS S3存储桶策略允许从特定URL访问;s_Amazon Web Services_Amazon S3_Powerbi - Fatal编程技术网
Fatal编程技术网

Amazon web services AWS S3存储桶策略允许从特定URL访问;s

amazon-web-services amazon-s3 powerbi

Amazon web services AWS S3存储桶策略允许从特定URL访问;s,amazon-web-services,amazon-s3,powerbi,Amazon Web Services,Amazon S3,Powerbi,我有一个power bi应用程序,它将PDF存储在s3存储桶中。我希望仅当power bi web应用程序或嵌入在我管理的网页(beyondmapping.com)中的web应用程序请求时,才允许访问文档。我已经使用策略生成器创建了以下bucket策略 { "Version": "2012-10-17", "Id": "Policy1513783148229", "Statement": [ { "Sid": "Stmt151378

我有一个power bi应用程序,它将PDF存储在s3存储桶中。我希望仅当power bi web应用程序或嵌入在我管理的网页(beyondmapping.com)中的web应用程序请求时,才允许访问文档。我已经使用策略生成器创建了以下bucket策略

{
    "Version": "2012-10-17",
    "Id": "Policy1513783148229",
    "Statement": [
        {
            "Sid": "Stmt1513783134644",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::flsarchives/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "https://app.powerbi.com/*",
                        "https://www.app.powerbi.com/*",
                        "http://beyondmapping.com/*",
                        "http://www.beyondmapping.com/*"
                    ]
                }
            }
        }
    ]
}
该策略验证并警告我“此存储桶具有公共访问权限”,但当我尝试通过访问时,我得到

为了从这些URL检索文档,我应该做些什么

编辑:当前CORS。不确定这是否相关,也不确定它应该是什么样子

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
</CORSRule>
<CORSRule>
    <AllowedOrigin>https://www.appdomain.com</AllowedOrigin>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>DELETE</AllowedMethod>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>


*
得到
3000
https://www.appdomain.com
放
邮递
删除
*
我不确定到底做了什么不同,但我最终安装了它,它允许我创建并应用以下bucket策略。我看到的唯一区别是“Action”:“s3:GetObject”策略。这似乎奏效了

{
  "Version": "2012-10-17",
  "Id": "preventHotLinking",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::flsarchives/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": [
            "https://app.powerbi.com/*",
            "https://www.app.powerbi.com/*"
          ]
        }
      }
    }
  ]
}
你启用了吗?我一个人走了。我该怎么做?医生说的不多。我已经进行了调整,以准确反映文档中的cors示例。@Noahuntington如果在aws:Referer中使用http而不是https会发生什么?我复制了您的答案,更改了bucket名称和Referer链接,它工作得非常好,没有安装任何其他内容。 
{
  "Version": "2012-10-17",
  "Id": "preventHotLinking",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::flsarchives/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": [
            "https://app.powerbi.com/*",
            "https://www.app.powerbi.com/*"
          ]
        }
      }
    }
  ]
}