我需要阻止Amazon s3的特定用户代理。我对S3相当陌生,通常在.htaccess文件中执行此操作,据我了解,使用Amazon无法实现。
我看到了这个Deny access to user agent to access a bucket in AWS S3。解决方案看起来像这样:
{ "Version": "2012-10-17",
"Statement": [{
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket/*",
"Condition":
{ "StringLike": { "aws:UserAgent": "*NSPlayer*" } }
}]
}
但是,我仍然希望允许该用户代理以外的所有其他用户访问该网站。我的政策目前看起来像这样:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::www.examplesite.com/*"
}
]
}
当我尝试实现它时,我得到了无效的json。所以,我很好奇格式化的正确方法是什么?我希望可以公开访问,但可以阻止一些不同的用户代理。另外,如果我要阻止多个用户代理,是否将用户代理用逗号分隔?
非常感谢您的帮助。
答案 0 :(得分:2)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::www.examplesite.com/*"
},
{
"Sid": "DenyUserAgents",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::www.examplesite.com/*",
"Condition": {
"StringLike": {
"aws:UserAgent": ["*Firefox*", ... more UserAgents ...]
}
}
}
]
}