CORS failure in one of my buckets while all policies and settings are identical.

0

I'm struggling with identifying a CORS problem. I have three buckets, one of which contains PNGs that I want to allow users to download via my app. I've tried pretty much everything, but I continue to have the following issue: "No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."

When I use one of my other buckets that have the exact same bucket policy (allowing for CORS), it works without error. What am I doing wrong? Where should I look?

Thanks.

2 Answers
1
Accepted Answer

I would suggest looking at your other "good buckets" and see what permissions they have. Do they have a policy added that allows a service to access objects in the bucket? Use an IDE to color code the policies and open up a split browser to see them side by side. For testing purposes, you might use the AWS policy generator to help set up a very permissive policy that allows all services to access objects in your bucket. Once you get access, then tighten up the policy and allow-list the specific resource access to your buckets and objects. Also, are all of these buckets in the same account? You might look at your IAM policies to make sure they are the same, if you are using another account.

AWS
EXPERT
answered 3 months ago
EXPERT
reviewed a month ago
  • Yeah, I did that and all is 100% identical. After a long search, the only solution I found was to change the metadata of each PNG to cache-control: no-cache. Super strange that the other buckets don't have this need.

  • Regarding the IAM policies and different accounts, can you elaborate? I have all three buckets visible in my accounts and open publicly.

  • Hi LW's, I was just brainstorming on things that you could look to for clues. A standard of practice among some is to have a Dev, Test, and Production account - each for a different purpose. I was just suggesting that if you have multiple accounts, to look at your other accounts and compare permissions.

    On another topic, have you thought about adding a CloudFront distribution to your S3 buckets to securely serve your content to users? You could keep your buckets closed to the public, but allow CloudFront to access objects in your bucket. Read up on it and see what you think?

    https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

1

Hi,

It looks like the CORS settings in the bucket with PNGs are not allowing requests from other origins. Even though the bucket policies are the same, there could be variations in the CORS settings. Take a look at the CORS settings of the problematic bucket and make sure the 'Access-Control-Allow-Origin' header is set correctly. You can find more information in the official documentation https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html

answered 3 months ago
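
One way to run the comparison suggested in the answers above, as an added example that is not part of the original thread: it diffs the CORS configurations of two buckets (the JSON returned by `aws s3api get-bucket-cors`) and checks whether a given browser request would match any rule. The sample configurations, the origin `https://app.example.com`, and the simplified first-matching-rule model are assumptions made for illustration.

```python
import json

# Constructed sample `aws s3api get-bucket-cors` output for two buckets (not from the post).
GOOD = json.loads('''{"CORSRules": [{"AllowedOrigins": ["https://app.example.com"],
  "AllowedMethods": ["GET", "HEAD"], "AllowedHeaders": ["*"], "MaxAgeSeconds": 3000}]}''')
BAD = json.loads('''{"CORSRules": [{"AllowedOrigins": ["https://app.example.com/"],
  "AllowedMethods": ["PUT"], "AllowedHeaders": ["*"]}]}''')
FIELDS = ("AllowedOrigins", "AllowedMethods", "AllowedHeaders", "ExposeHeaders", "MaxAgeSeconds")

def wildcard_match(pattern, value):
    """Match with at most one '*' wildcard, as S3 CORS rules allow."""
    if "*" not in pattern:
        return pattern == value
    prefix, suffix = pattern.split("*", 1)
    return (len(value) >= len(prefix) + len(suffix)
            and value.startswith(prefix) and value.endswith(suffix))

def matching_rule(cors, origin, method, request_headers=()):
    """Return the first CORSRule matching the request, or None (no CORS headers sent)."""
    if not origin:  # without an Origin header the rules are not evaluated at all
        return None
    for rule in cors.get("CORSRules", []):
        if not any(wildcard_match(p, origin) for p in rule.get("AllowedOrigins", [])):
            continue
        if method not in rule.get("AllowedMethods", []):
            continue
        allowed = [h.lower() for h in rule.get("AllowedHeaders", [])]
        # Preflight only: every requested header must be covered by AllowedHeaders.
        if all(any(wildcard_match(p, h.lower()) for p in allowed) for h in request_headers):
            return rule
    return None

def diff_cors(a, b):
    """Return (rule index, field, value in a, value in b) for every differing field."""
    norm = lambda v: sorted(v) if isinstance(v, list) else v
    ra, rb = a.get("CORSRules", []), b.get("CORSRules", [])
    out = []
    for i in range(max(len(ra), len(rb))):
        x = ra[i] if i < len(ra) else {}
        y = rb[i] if i < len(rb) else {}
        out += [(i, f, x.get(f), y.get(f)) for f in FIELDS if norm(x.get(f)) != norm(y.get(f))]
    return out

if __name__ == "__main__":
    origin = "https://app.example.com"  # hypothetical app origin
    for name, cors in (("good", GOOD), ("bad", BAD)):
        print(name, "GET allowed:", matching_rule(cors, origin, "GET") is not None)
    for i, field, a, b in diff_cors(GOOD, BAD):
        print(f"rule {i} {field}: {a!r} != {b!r}")
```

The CORS configuration is a separate bucket subresource from the bucket policy, so two buckets with identical policies can still differ here.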
