1 回答
- 最新
- 投票最多
- 评论最多
0
Hello, you can adjust the bucket policy to include a condition that checks for the presence of a specific query string parameter that is included in the signed URLs. below is example for this:
{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "Allow-put-object-only-with-signed-url",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::bucket-name/*",
"Condition": {
"StringLike": {
"aws:url-param": "URL-signature=*"
}
}
}
]
}
This gonna allows putObject for S3 signed URLs that include "url singature" query string parameter. As for the CloudFront signed URLs, you can use cloudfront:signedUrl in the Principal field, and also include a condition that checks the presence of the CloudFront-Signature query string parameter.
{
"Version": "2012-10-17",
"Id": "CloudFrontPolicyId1",
"Statement": [
{
"Sid": "Allow-put-object-only-with-signed-url",
"Effect": "Allow",
"Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity"},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::bucket-name/*",
"Condition": {
"StringLike": {
"aws:url-param": "CloudFront-Signature=*"
}
}
}
]
}
已回答 1 年前
相关内容
AWS 官方已更新 2 年前- AWS 官方已更新 9 个月前
- AWS 官方已更新 10 个月前
thank you for answer