Publishing Amazon AWS credentials for account with 1 permission

2018-06-21 08:29:18

I have an piece of code I want to live on a static website but I want it to pull the latest version of a file in an Amazon AWS S3 bucket to display a link for download. I'm not requiring the user to authenticate in any way with my site.

The API I'm using ( aws-sdk for javascript) requires credentials to perform any operation, even on a public bucket. My plan for listing the files is to create an IAM user that can only access a subfolder in this bucket through the following policy to do what I need:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListingOfDLFolder",
            "Action": "s3:ListBucket",
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::cobstatic.com"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "dl/*"
                    ]
                }
            }
        }
    ]
}

Is this secure? Is there a better solution?

链接地址: http://www.djcxy.com/p/59968.html

上一篇: 最好的方式“循环2

下一篇: 为具有1个权限的帐户发布Amazon AWS凭据