0
我试图设置一个S3存储桶来接受匿名上传,同时允许存储桶拥有者完整的权限和防止公众阅读访问。根据here的代码,我已经在下面设置了存储桶策略。我想使用curl上传到桶中,但所有我得到的是亚马逊AWS S3存储桶匿名上传使用卷曲
拒绝访问
这里是斗政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "allow-anon-put",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::[mybucket]/uploads/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
},
{
"Sid": "deny-other-actions",
"Effect": "Deny",
"NotPrincipal": {
"AWS": "arn:aws:iam::[myid]:root"
},
"NotAction": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::[mybucket]/*"
}
]
}
而卷曲POST :
curl --request PUT --upload-file "thefile.gif" -k https://[mybucket].s3.amazonaws.com/uploads/
有真的,真的,真的允许匿名上传没有道理的。没有。但是,由于您的政策需要“x-amz-acl:bucket-owner-full-control”,您是否尝试过提出与您的政策一致的请求? 'curl ... -H'x-amz-acl:bucket-owner-full-control'' –
谢谢。这工作。现在我正在研究如何使用预定义的POST URL来获得更好的安全性,但无法获得正确的curl查询字符串。如果你能提供帮助,在这里创建一个新问题。 http://stackoverflow.com/q/43991783/3198281 – UltrasoundJelly