我有一个s3存储桶(例如mybucket),当前该存储桶的权限设置如下:
Block all public access
On
|
|_Block public access to buckets and objects granted through new access control lists (ACLs)
| On
|
|_Block public access to buckets and objects granted through any access control lists (ACLs)
| On
|
|_Block public access to buckets and objects granted through new public bucket or access point policies
| On
|
|_Block public and cross-account access to buckets and objects through any public bucket or access point policies
On
在此存储桶中,我有两个文件夹:
images (e.g. https://mybucket.s3.us-west-2.amazonaws.com/images/puppy.jpg)
private (e.g. https://mybucket.s3.us-west-2.amazonaws.com/private/mydoc.doc)
我希望图像文件夹可以公开访问,以便我可以在自己的网站上显示图像
我希望私有文件夹受到限制,并且只能以编程方式使用IAM帐户访问
如何设置这些权限?我尝试关闭上述权限,也点击了图片 并采取行动,然后点击“公开”。然后,我尝试上传以下内容:
$image = Image::make($file->getRealPath())->resize(360, 180);
Storage::disk('s3')->put($filePath, $image->stream());
文件被上传,但是当我尝试如下显示图像时,出现403错误:
<img src="{{ Storage::disk('s3')->url($file->path) }}" />
要下载私人文档,我需要以下内容:
$response = [
'Content-Type' => $file->mime_type,
'Content-Length' => $file->size,
'Content-Description' => 'File Transfer',
'Content-Disposition' => "attachment; filename={$file->name}",
'Content-Transfer-Encoding' => 'binary',
];
return Response::make(Storage::disk('s3')->get($file->path), 200, $response);
设置这些权限的正确方法是什么?
在任何人开始大喊之前,我不熟悉S3存储,所以请多多包涵。
任何帮助和指导将不胜感激。
答案 0 :(得分:1)
Amazon S3 Block Public Access是存储桶级配置,它将防止您使该存储桶中的任何对象公开。因此,如果您想公开一个或多个对象,例如images/*,那么您需要为此存储桶禁用S3 Block Public Access。
这当然不会使您的任何对象公开。默认情况下,S3存储桶是私有的。要公开images/中的对象,您将需要配置S3存储桶策略,例如:
{
"Id": "id101",
"Statement": [
{
"Sid": "publicimages",
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": "arn:aws:s3:::mybucket/images/*",
"Principal": "*"
}
]
}