问题
I researched this and other topics. I create a new bucket "ilya_test_1" on Amazon S3. I add permission to Everyone with Upload/Delete enabled. I leave my default private permission untouched. I upload image to the bucket root.
I try to browse via browser to my image and I get AccessDenied. Shouldn't everything in this bucket be public accessible?
What I do not understand is why do I need to set the below bucket policy if I have already granted access to Everyone?
NOTE: access works if I set permissions to Everyone AND this bucket policy.
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::ilya_test_1/*"
}
]
}
回答1:
You are giving permission to upload. But in the upload, the headers can set the file to public or private. Perhaps something is setting the header to private on upload?
(Also, it's generally a bad idea to have public write on S3. You should have a server that hands out signed S3 URLs that your client can PUT/POST to. Why? Because you can more easily prevent abuse (limit size of upload, limit number of uploads per IP, etc.)
来源:https://stackoverflow.com/questions/21209844/amazon-s3-bucket-public-access-via-permission-or-policy-causes