AWS Bucket Policy,用于限制对存储区的公共访问,但允许引用域

时间:2012-05-07 17:37:28

标签: amazon-s3 amazon-web-services amazon-cloudfront

我有以下Bucket Policy:

{
"Version": "2008-10-17",
"Id": "MyDomainpremiumflvfiles",
"Statement": [
    {
        "Sid": "Allow get requests to specific referrers",
        "Effect": "Allow",
        "Principal": {
            "AWS": "*"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::premiumflvfiles/*",
        "Condition": {
            "StringLike": {
                "aws:Referer": [
                    "http://mydomain.com/*",
                    "http://www.mydomain.com/*"
                ]
            }
        }
    },
    {
        "Sid": "Allow CloudFront get requests",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::123456789:root"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::premiumflvfiles/*"
    }
]
}

如果已将123456789替换为我的正确客户ID,则mydomain已替换为正确的域名。

我已经取消了公共访问权限,但是当我这样做时,我无法访问引用域中的文件。我确定我错过了一些明显的东西,但我无法弄明白。

感谢您的帮助。

1 个答案:

答案 0 :(得分:1)

这有助于您生成有效的政策AWS Policy Generator

相关问题
最新问题