AWS S3 sharing access to static website

2018-06-25 01:58:12

I've configured my bucket policy (for a static website hosted on an S3 bucket) so that another account can perform actions on this bucket. The policy looks something like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucket.com/*"
        },
        {
            "Sid": "Example permissions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::00000000000:user/username"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::mybucket.com"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::000000000000:user/username"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::mybucket.com/*"
        }
    ]
}

The first object in "Statement" specifies that this bucket should be readable by the public, so that anyone can access the site (I am using Route 53 as well).

The second account is able to upload files to the bucket, however once he uploads a file, then access is restricted to that file, ie if he uploads index.html to the top-level directory of the bucket, then navigating to the website will produce a 403 access denied error.

I have looked into IAM roles, which I think may be related but would appreciate any help with this.

链接地址: http://www.djcxy.com/p/70226.html

上一篇: 使用适当的ACL通过VPC Endpoint通过HTTP将PUT对象传递给AWS S3？

下一篇: AWS S3共享访问静态网站