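AWS S3: Adding an aws:Referer statement breaks ListObjects (403 Forbidden)

Time: 2018-05-15 13:57:07

Tags: amazon-web-services amazon-s3 amazon-iam

I'm trying to figure out why the AWS S3 SDK ListObjects call stops working (403 Forbidden) when I add an "aws:Referer" statement to my bucket policy.

The following works fine until the Referer statement is added to the user policy: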

<?php
// Import needed for the catch block below.
use Aws\S3\Exception\S3Exception;

try {
    $result = $this->s3->listObjects([
        'Bucket' => $this->bucket
    ]);

    echo "Keys retrieved!" . PHP_EOL;
    foreach ($result['Contents'] as $object) {
        echo $object['Key'] . PHP_EOL;
    }
} catch (S3Exception $e) {
    echo $e->getMessage() . PHP_EOL;
}

After adding the statement, the web page returns 403 Forbidden:

Error executing "ListObjects" on "https://myamazonurl.s3.amazonaws.com/?encoding-type=url"; AWS HTTP error: Client error: `GET https://myBucketName.s3.amazonaws.com/?encoding-type=url` resulted in a `403 Forbidden` response: AccessDenied

This policy works for ListObjects:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowGetRequestsOriginating",
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:DeleteObject",
                "s3:Put*",
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::MyBucketName*",
                "arn:aws:s3:::MyBucketName"
            ]
        }
    ]
}

But as soon as I add the "aws:Referer" block, ListObjects stops working:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Allowgetrequestsoriginatingfrom",
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:DeleteObject",
                "s3:Put*",
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::MyBucketName*",
                "arn:aws:s3:::MyBucketName"
            ],
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "http://myLocalSite.vagrant",
                        "http://myLocalSite.vagrant/*"
                    ]
                }
            }
        }
    ]
}

Any ideas?

0 answers:

No answers
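
An added example (not part of the original question, and not AWS code): a minimal Python model of how the StringLike condition on aws:Referer in the second policy is evaluated for a request. It assumes the SDK's signed ListObjects request carries no Referer header and that this statement is the only one granting access; the two sample requests are constructed.

```python
import re

# Allow statement from the question, with the action list shortened.
STATEMENT = {
    "Effect": "Allow",
    "Action": ["s3:Put*", "s3:Get*", "s3:List*"],
    "Condition": {"StringLike": {"aws:Referer": [
        "http://myLocalSite.vagrant",
        "http://myLocalSite.vagrant/*",
    ]}},
}

# Constructed sample requests (header values are placeholders).
SDK_REQUEST = {"Host": "myBucketName.s3.amazonaws.com",
               "Authorization": "AWS4-HMAC-SHA256 <placeholder>"}
BROWSER_REQUEST = {"Host": "myBucketName.s3.amazonaws.com",
                   "Referer": "http://myLocalSite.vagrant/gallery"}

def like(pattern, value):
    """IAM-style wildcard match: '*' = any run of characters, '?' = exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def request_context(headers):
    """aws:Referer exists in the context only when a Referer header was sent."""
    lowered = {name.lower(): value for name, value in headers.items()}
    return {"aws:Referer": lowered["referer"]} if "referer" in lowered else {}

def decide(statement, action, headers):
    """Return 'Allow' if the statement applies, else 'ImplicitDeny' (seen as 403)."""
    if not any(like(p, action) for p in statement["Action"]):
        return "ImplicitDeny"
    context = request_context(headers)
    for key, patterns in statement["Condition"]["StringLike"].items():
        # A key that is absent from the request never satisfies StringLike.
        if key not in context:
            return "ImplicitDeny"
        # Several values for one key are ORed together.
        if not any(like(p, context[key]) for p in patterns):
            return "ImplicitDeny"
    return "Allow"

if __name__ == "__main__":
    print("SDK ListObjects:", decide(STATEMENT, "s3:ListBucket", SDK_REQUEST))
    print("Browser request:", decide(STATEMENT, "s3:ListBucket", BROWSER_REQUEST))
```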