无法从S3下载:访问被拒绝

huangapple go评论69阅读模式
英文:

Can not download from S3: Access Denied

问题

我有一个AWS Lambda函数,它从一个S3存储桶中获取图像文件(触发器),移除图像的背景,然后将其发送到另一个存储桶。

我在我的Node.js后端获取了已删除背景图像的URL,并将其发送到前端,但当我想在图像标签中显示它时,出现了“拒绝访问”的错误。我应该如何修复这个问题?

英文:

I have an AWS Lambda function that takes an image file from an s3 bucket (trigger), removes
the background from the image and then sends it to another bucket.

I get the url of the removed background image in my node js back-end and send it to the front-end but when I want to show it in image tag an error Access Denied appears. How can I fix this?

答案1

得分: 0

默认情况下,如果您通过https端点访问它们,S3对象是私有的。这很可能是您的情况。您有两种实现您想要的方式:

1- 通过存储桶策略使存储桶公开

{
  "Id": "您指定的策略名称",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadAccess",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*",
      "Principal": "*"
    }
  ]
}

这会带来安全漏洞,因为您可能不想将内容公开。

2- 使用预签名URL

通过S3中的预签名URL,您可以在不永久公开它们的情况下,为您的内容提供有时限的访问。

英文:

By default, if you access them over the https endpoints s3 objects are private. Which is most likely what is happening in your case. You have 2 ways of accomplishing what you want:

1- Make the bucket public through a bucket policy

{
  "Id": "PolicyNameThatYouSpecify",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadAccess",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*",
      "Principal": "*"
    }
  ]
}

This comes with its security flaws, as you may not want to make your content public.

2- Use presigned urls

With presigned urls in S3, you can give time limited access to your content without making them public permanently

huangapple
  • 本文由 发表于 2023年7月7日 03:34:42
  • 转载请务必保留本文链接:https://go.coder-hub.com/76632047.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定