1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Hello, you can adjust the bucket policy to include a condition that checks for the presence of a specific query string parameter that is included in the signed URLs. below is example for this:
{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "Allow-put-object-only-with-signed-url",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::bucket-name/*",
"Condition": {
"StringLike": {
"aws:url-param": "URL-signature=*"
}
}
}
]
}
This gonna allows putObject for S3 signed URLs that include "url singature" query string parameter. As for the CloudFront signed URLs, you can use cloudfront:signedUrl in the Principal field, and also include a condition that checks the presence of the CloudFront-Signature query string parameter.
{
"Version": "2012-10-17",
"Id": "CloudFrontPolicyId1",
"Statement": [
{
"Sid": "Allow-put-object-only-with-signed-url",
"Effect": "Allow",
"Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity"},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::bucket-name/*",
"Condition": {
"StringLike": {
"aws:url-param": "CloudFront-Signature=*"
}
}
}
]
}
답변함 일 년 전
관련 콘텐츠
- 질문됨 8달 전
- AWS 공식업데이트됨 2년 전
- AWS 공식업데이트됨 9달 전
thank you for answer