having no ACLs/Bucket owner enforced object ownership exposes owner canonical ID and displayname


You guys recommend not having ACLs on s3 buckets now, but if I create a bucket that is going to have read-only public access (ListBucket & GetObject only) from my application, then ListObjects/ListBucket on that bucket exposes both the Owner ID and DisplayName, which is not something I want public.

If I switch the bucket to Object writer ownership, the ListBucket results are nice and clean, containing only the relevant object info (key, etag, size, storage class).

It seems bad to leak the owner ID and display name like this? I'm going to keep it on Object writer I guess to avoid this even though the console has warnings all over the place about not using ACLs.


1개 답변

The canonical user ID is the Amazon S3–only concept. It is a 64-character obfuscated version of the account ID. Therefore you can't get anything out of the canonical user ID because it's a one-way hash (e.g. SHA-256).

For more information, please refer to the following links: https://docs.aws.amazon.com/AmazonS3/latest/userguide/finding-canonical-user-id.html https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-walkthroughs-managing-access-example4.html

profile pictureAWS
답변함 일 년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠