Ruby on rails AWS S3 bucket策略-如何仅允许从我的网站访问?
我有一个回形针文本文件附件(在Rails中) 我的政策是:Ruby on rails AWS S3 bucket策略-如何仅允许从我的网站访问?,ruby-on-rails,amazon-s3,paperclip,Ruby On Rails,Amazon S3,Paperclip,我有一个回形针文本文件附件(在Rails中) 我的政策是: { "Version": "2008-10-17", "Id": "Policy123", "Statement": [ { "Sid": "Stmt123", "Effect": "Allow", "Principal": { "AWS": "*" },
{
"Version": "2008-10-17",
"Id": "Policy123",
"Statement": [
{
"Sid": "Stmt123",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::my_bucket/*"
}
]
}
我想限制对这些操作的访问,仅当请求来自我的网站时才允许。是否只是将其更新为“Principal”:{“AWS”:“mywebsite.com”}?您可以在中查看一些示例 要限制对网站的访问,您可以使用推荐人上的条件:
{
"Version":"2008-10-17",
"Id":"http referer policy example",
"Statement":[
{
"Sid":"Allow get requests referred by www.mysite.com and mysite.com",
"Effect":"Allow",
"Principal":"*",
"Action":"s3:GetObject",
"Resource":"arn:aws:s3:::example-bucket/*",
"Condition":{
"StringLike":{
"aws:Referer":[
" http://www.mysite.com/*",
" http://mysite.com/*"
]
}
}
}
]
}
桶策略:
{
"Version": "2012-10-17",
"Id": "http referer policy example",
"Statement": [
{
"Sid": "Allow get requests originating from www.example.com and example.com.",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::00000000:user/example-user" // IAM User ARN
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket-example/*", // bucket ARN
"Condition": {
"StringLike": {
"aws:Referer": [
"http://example.com/*" // Website link
]
}
}
}
]
}
这使我无法从我的站点不幸地打开文件检查拼写是否正确:aws:Referer与HTTP Referer字段相同。还要检查您的站点URL是否以正确的格式发送。删除该条件,并检查图像的标题。如何检查发送网站URL的格式?当我把推荐人放进去时,我不能从网站上打开回形针附件:-(例如使用Chrome Developer Tools:这里是否有一个红旗,表明直接访问网站的流量不会看到任何资产加载(因为推荐人在该时间点不会被设置为该特定网站)