Amazon S3 bucket policy for anonymously uploading

2020-02-10 07:22发布

站内问答 / 后端开发
654 2 5

I am planning on using Amazon S3 to let users upload photos from an iPhone and then let them be publicly viewable.

I am having some trouble understanding how to set up these security constraints in the bucket policy:

  • Everyone can read every file.
  • Everyone can upload a new file that is maximum 256K large.
  • No one can delete any file.
  • No one can modify any file.

标签: amazon-s3
举报
2条回答
叛逆
2楼-- · 2020-02-10 07:44

Perhaps something like the one below will work, but I am not sure you can restrict the upload size. 

{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal":"*",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:GetObjectAcl",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::mybucket/*",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketAcl"
      ],
      "Resource": "arn:aws:s3:::mybucket",
      "Condition": {}
    }
  ]
}
查看更多
0人赞 添加讨论(0) 举报
beautiful°
3楼-- · 2020-02-10 08:04

Ok I sort of worked it out in the end. The only thing is that you can't set different permissions on adding files and updating files. They are all covered by s3:PutObject. Also, it doesn't seem possible to restrict file size.

{
    "Version": "2008-10-17",
    "Id": "policy",
    "Statement": [
        {
            "Sid": "allow-public-read",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket/*"
        },
    {
            "Sid": "allow-public-put",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::bucket/*"
        }
  ]
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)