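Introduction:
The plan is to store static files and generated, persisted files in a bucket, so the bucket policy has to allow anonymous access; nginx then sits in front as a proxy to provide high availability.
Commands:
s3cmd setpolicy examplepol s3://First-bucket # set the bucket policy
s3cmd delpolicy s3://First-bucket # delete the bucket policy
s3cmd info s3://First-bucket # view the bucket policy
Setup:
# Policy contents
cat examplepol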
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": [
      "arn:aws:s3:::First-bucket/*"
    ]
  }]
}
# Apply the policy
s3cmd setpolicy examplepol s3://First-bucket
Permissions (S3 Actions):
s3:AbortMultipartUpload
s3:CreateBucket
s3:DeleteBucketPolicy
s3:DeleteBucket
s3:DeleteBucketWebsite
s3:DeleteObject
s3:DeleteObjectVersion
s3:DeleteReplicationConfiguration
s3:GetAccelerateConfiguration
s3:GetBucketAcl
s3:GetBucketCORS
s3:GetBucketLocation
s3:GetBucketLogging
s3:GetBucketNotification
s3:GetBucketPolicy
s3:GetBucketRequestPayment
s3:GetBucketTagging
s3:GetBucketVersioning
s3:GetBucketWebsite
s3:GetLifecycleConfiguration
s3:GetObjectAcl
s3:GetObject
s3:GetObjectTorrent
s3:GetObjectVersionAcl
s3:GetObjectVersion
s3:GetObjectVersionTorrent
s3:GetReplicationConfiguration
s3:ListAllMyBuckets
s3:ListBucketMultiPartUploads
s3:ListBucket
s3:ListBucketVersions
s3:ListMultipartUploadParts
s3:PutAccelerateConfiguration
s3:PutBucketAcl
s3:PutBucketCORS
s3:PutBucketLogging
s3:PutBucketNotification
s3:PutBucketPolicy
s3:PutBucketRequestPayment
s3:PutBucketTagging
s3:PutBucketVersioning
s3:PutBucketWebsite
s3:PutLifecycleConfiguration
s3:PutObjectAcl
s3:PutObject
s3:PutObjectVersionAcl
s3:PutReplicationConfiguration
s3:RestoreObject
Verification:
http://ceph-object-01:7480/First-bucket/my-cluster/s3cmd.keyring
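The policy above lets anyone read every object in First-bucket, not only the static files; the my-cluster/s3cmd.keyring object fetched in the verification step is served the same way. The following is an added example, not part of the original post: a small check to run on a policy file before `s3cmd setpolicy`. It assumes that only `s3:GetObject` should ever be granted anonymously, and the function and finding names are made up for this example.

```python
import json

# Policy from this page, embedded so the example runs offline.
PAGE_POLICY = '''{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": ["arn:aws:s3:::First-bucket/*"]
  }]
}'''

# Assumption: a static-file bucket only needs anonymous object reads.
ALLOWED_ANON_ACTIONS = {"s3:GetObject"}


def _as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True for "*" and for {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"


def audit_anonymous_access(policy_text):
    """Return (statement_index, code, detail) for each risky anonymous grant."""
    findings = []
    statements = _as_list(json.loads(policy_text).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action not in ALLOWED_ANON_ACTIONS:
                findings.append((i, "extra-action", action))
        for arn in _as_list(stmt.get("Resource", [])):
            # Text after "bucket/" is the object-key pattern; empty means the bucket itself.
            key_pattern = arn.partition(":::")[2].partition("/")[2]
            if key_pattern == "":
                findings.append((i, "bucket-level-resource", arn))
            elif key_pattern == "*":
                findings.append((i, "whole-bucket-resource", arn))
    return findings


if __name__ == "__main__":
    for finding in audit_anonymous_access(PAGE_POLICY):
        print(finding)
```

Scoping the Resource to a prefix, for example arn:aws:s3:::First-bucket/static/* (the static/ prefix is hypothetical), clears the whole-bucket finding and keeps objects outside that prefix private.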
References:
https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
http://docs.ceph.com/docs/master/radosgw/bucketpolicy/#tag-policy
https://blog.csdn.net/baidu_26495369/article/details/81383513