英文:
Can not download from S3: Access Denied
问题
我有一个AWS Lambda函数,它从一个S3存储桶中获取图像文件(触发器),移除图像的背景,然后将其发送到另一个存储桶。
我在我的Node.js后端获取了已删除背景图像的URL,并将其发送到前端,但当我想在图像标签中显示它时,出现了“拒绝访问”的错误。我应该如何修复这个问题?
英文:
I have an AWS Lambda function that takes an image file from an s3 bucket (trigger), removes
the background from the image and then sends it to another bucket.
I get the url of the removed background image in my node js back-end and send it to the front-end but when I want to show it in image tag an error Access Denied appears. How can I fix this?
答案1
得分: 0
默认情况下,如果您通过https端点访问它们,S3对象是私有的。这很可能是您的情况。您有两种实现您想要的方式:
1- 通过存储桶策略使存储桶公开
{
"Id": "您指定的策略名称",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadAccess",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*",
"Principal": "*"
}
]
}
这会带来安全漏洞,因为您可能不想将内容公开。
2- 使用预签名URL
通过S3中的预签名URL,您可以在不永久公开它们的情况下,为您的内容提供有时限的访问。
英文:
By default, if you access them over the https endpoints s3 objects are private. Which is most likely what is happening in your case. You have 2 ways of accomplishing what you want:
1- Make the bucket public through a bucket policy
{
"Id": "PolicyNameThatYouSpecify",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadAccess",
"Action": [
"s3:GetObject",
"s3:PutObject",
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*",
"Principal": "*"
}
]
}
This comes with its security flaws, as you may not want to make your content public.
2- Use presigned urls
With presigned urls in S3, you can give time limited access to your content without making them public permanently
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论