- 最新
- 最多得票
- 最多評論
Assuming your web application is running in EC2/ECS, you can create an IAM Role with permissions to access the Bucket and attach it to your EC2 Instance(s). The Role will authorise SDK calls made from the instance (assuming the correct permissions are defined) without you having to create/manage access keys.
As long as your Buckets access Policy/ACLs are configured to allow access from the account/role your web application will be able to continue using the SDK as standard.
Note: IAM Roles & Bucket ACLs are notoriously tricky to get right so I strongly advise getting the configuration right on a UAT environment first.
Like Daniel Craigine wrote, of course, you can use SDK to upload new files to this S3 Bucket.
Origin Access Identity (OAI) is the way how the CloudFront is authorized to get objects from S3 and you need to allow OAI permission in Bucket Policy as is explained in the article you mention. But you can still add your application permission to PutObjects to this S3 Bucket in the IAM Role used by your application.
I hope it is clear right now :)
相關內容
- 已提問 1 年前
AWS 官方已更新 2 年前- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前
what is an
UAT environment?UAT means User Acceptance Testing environment. So Daniel just mentioned that you should always test your solution before going live with it.