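Goal: make files accessible without requiring any permissions
By default, a bucket can use one of three Access Policy settings:
public, custom, private
- public: resources can be accessed directly without any authentication
- custom: a user-defined policy, Access Rule
- private: no operation is allowed without authorization, and all Access Rules are ineffective
The access path is
hostname.com/fat/docker.png
First set the Access Policy to public, but the request still returns an error
Checking the Access Rules shows that they are empty when the bucket is newly created
Configure the Access Rules so that everything is readable
Access now works normally
Set the Access Policy to custom
The policy is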
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": [
              "*"
            ]
          },
          "Action": [
            "s3:GetBucketLocation"
          ],
          "Resource": [
            "arn:aws:s3:::fat"
          ]
        },
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": [
              "*"
            ]
          },
          "Action": [
            "s3:ListBucket"
          ],
          "Resource": [
            "arn:aws:s3:::fat"
          ],
          "Condition": {
            "StringEquals": {
              "s3:prefix": [
                "*"
              ]
            }
          }
        },
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": [
              "*"
            ]
          },
          "Action": [
            "s3:GetObject"
          ],
          "Resource": [
            "arn:aws:s3:::fat/**"
          ]
        }
      ]
    }
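
An added example, not part of the original notes: a small Python audit that lists which S3 actions a bucket policy grants to anonymous principals, run over the custom policy above so the exposure can be reviewed before it is applied. The function names are assumptions introduced for illustration, and the code also accepts the single-string forms of Principal, Action and Resource.

```python
import json

# Policy from this page, compacted (same statements and values).
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Principal": {"AWS": ["*"]},
  "Action": ["s3:GetBucketLocation"], "Resource": ["arn:aws:s3:::fat"]},
 {"Effect": "Allow", "Principal": {"AWS": ["*"]},
  "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::fat"],
  "Condition": {"StringEquals": {"s3:prefix": ["*"]}}},
 {"Effect": "Allow", "Principal": {"AWS": ["*"]},
  "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::fat/**"]}
]}
""")

def as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "*", {"AWS": "*"} and {"AWS": ["*"]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return False

def anonymous_grants(policy):
    """Return (action, resource, conditioned) for each Allow open to everyone."""
    grants = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        conditioned = bool(stmt.get("Condition"))
        for action in as_list(stmt.get("Action", [])):
            for resource in as_list(stmt.get("Resource", [])):
                grants.append((action, resource, conditioned))
    return grants

if __name__ == "__main__":
    # Print one line per anonymous grant for manual review.
    for action, resource, conditioned in anonymous_grants(POLICY):
        note = " (with Condition)" if conditioned else ""
        print(f"anonymous {action} on {resource}{note}")
```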