问题
I have a S3 bucket with a special directory that I'm dumping user uploaded images that I want to restrict to authenticated users. It shouldn't be restricted to just the user that uploaded the image. I'm really trying to avoid setting up a db model for this. Is there anyway to block anonymous members from the user uploaded images?
So, I have two questions: How do I go about setting up an anonymous-user-blocked S3 bucket? AND How should I access this bucket within a is_authenticated conditional?
回答1:
- Set the bucket ACL to private. This will stop anyone but you (the bucket owner) from accessing the objects.
- Check if the user is_authenticated and if they are...
- Generate a signed URL which is basically a pre authenticated request and give it to the user who can then request the object for some period of time.
来源:https://stackoverflow.com/questions/21609842/django-aws-s3-bucket-authenticated-access-to-s3-bucket