是否可以禁止公共访问AWS文件,但只提供特定的Origin?

问题描述 投票:0回答:1

最近我使用AWS S3存储桶为我的Django项目提供静态文件。 这是我的设置:

AWS_ACCESS_KEY_ID = config('AWS_ACCESS_KEY_ID') # 
AWS_SECRET_ACCESS_KEY = config('AWS_SECRET_ACCESS_KEY') # 
AWS_STORAGE_BUCKET_NAME = 'bucket-name' 
AWS_STATIC_LOCATION = 'static'
AWS_S3_CUSTOM_DOMAIN = '%s.s3.amazonaws.com' % AWS_STORAGE_BUCKET_NAME

AWS_S3_OBJECT_PARAMETERS = {
    'CacheControl': 'max-age=86400',
}
AWS_LOCATION = 'static'

STATICFILES_DIRS = [
    os.path.join(BASE_DIR, 'static'),
]
STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, AWS_LOCATION)
STATICFILES_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'

创建存储桶后,我可以看到这些选项默认为True

但是当我尝试从我的网站www.my-site.com或本地127.0.0.0.1:8000访问我的静态文件时,它显示403权限被拒绝。我错过了什么?

Request URL: https://bucket-name.s3.us-east-2.amazonaws.com/static/file-name.js
Request method: GET
Remote address: 52.0.0.0:443
Status code: 403

经过一些搜索,我试图定义一个CORS,如:

<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>
django amazon-web-services amazon-s3
1个回答
1
投票

Attach role to existing/running EC2 instance

为了能够定义IAM角色,您可以选择现有实例并将新角色附加为对EC2的S3访问

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.