This should help:
To allow access to your Amazon S3 bucket only from a CloudFront distribution, first add an origin access identity (OAI)[1] to your distribution. Then, review your bucket policy and Amazon S3 access control list (ACL)[2] to be sure that:
• Only the OAI can access your bucket.
• CloudFront can access the bucket on behalf of requesters.
• Users can't access the objects in other ways, such as by using Amazon S3 URLs.
Note: After you restrict access to your bucket using CloudFront, you can optionally add another layer of security by integrating AWS WAF[3].
[1] https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#private-content-creating-oai
[2] https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#private-content-granting-permissions-to-oai
[3] https://docs.aws.amazon.com/waf/latest/developerguide/getting-started.html