我有一个应用程序,用户使用facebook登录,然后可以将图像上传到s3存储区并查看它们。我使用了Cognito服务来允许每个登录用户上传和查看所有文件。用于上传和查看图片的Amazon S3存储桶政策
我不知道如何在s3存储桶上设置正确的权限。这是我在它的尝试,但我得到无法保存策略,并得到Statement is missing required element - Statement "NO_ID-0" is missing "Principal" element
{
"Version": "2012-10-17",
"Id": "Policy1457546546214",
"Statement": [
{
"Sid": "Stmt1475657256771436",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket-name/*"
},
{
"Sid": "Stmt16577654572138125",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": [
"bucket-name/identity-pool-id*"
]
}
]
}
这是客户端部分,如果它可以帮助:
FB.login(function (response) {
if (response.authResponse) {
AWS.config.region = 'eu-west-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'eu-west-1:xxxxxxxxxxx',
Logins: {
'graph.facebook.com': response.authResponse.accessToken
}
})
var bucket = new AWS.S3({params: {Bucket: 'name'}})
var fileChooser = document.getElementById('file-chooser')
var button = document.getElementById('upload-button')
button.addEventListener('click', function() {
var file = fileChooser.files[0]
var params = {Key: file.name, ContentType: file.type, Body: file}
bucket.upload(params, function (err, data) {
...
Cognito IAM > Roles > Cognito_myappAuth_Role
:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cognito-identity:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::bucket/${cognito-identity.amazonaws.com:sub}/*",
"arn:aws:s3:::bucket/${cognito-identity.amazonaws.com:sub}"
]
}
]
}
这是一个存储桶策略? –
是........... – ilyo