Is there a conflict between bucket policies and signed URLs?

Some files in my bucket are set to public-read (ACL). I read somewhere that setting a bucket policy lets you automatically make all files in the bucket private.

bucketname is a placeholder for the actual bucket name. My bucket policy:

{
    "Version": "2008-10-17",
    "Id": "Policy1331182170360",
    "Statement": [
        {
            "Sid": "Stmt1331182162671",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucketname/*"
        }
    ]
}

In one of my controllers, I have:

    s3 = Aws::S3.new(APP_CONFIG['amazon_access_key_id'], APP_CONFIG['amazon_secret_access_key'])
    bucket_gen = Aws::S3Generator::Bucket.create(s3, APP_CONFIG['amazon_bucket_name'])
    signed_url = bucket_gen.get("#{URI.unescape(URI.parse(URI.escape(@song.encoded_file_url)).path[1..-1])}", 10.minute) 
    redirect_to signed_url and return

I am redirected, but I always get access denied. However, if I delete the bucket policy, I am redirected to the signed URL and everything works fine.

, , URL-. , Amazon Web Console . . url ( ) . . URL- . , , .

URL-?

+5
1

( ) ( ). URL- - AWS ( ), .

, , , , . , , , .

, , , URL- ( , )

{
  "Sid":"AddSpecific",
  "Effect":"Allow",
  "Principal": {
    "AWS": ["1234-5678-9012"]
   },
  "Action":["s3:GetObject"],
  "Resource":["arn:aws:s3:::bucket/*"]
}

URL- (, 1234-5678-9012 aws. IAM, iam- - )

+6
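
An added example (not code from the question or the answer): a simplified Ruby model of how S3 combines a bucket policy with the signer's own permissions, showing why the question's `Deny` on `Principal: *` also blocks a signed URL, which is evaluated as a request from the account that signed it. It assumes same-account access and ignores ACLs; the object key is constructed, and the answer's statement is adapted to the `bucketname` placeholder.

```ruby
require 'json'

# Simplified model of S3 request authorization (assumption: same-account
# access, ACLs ignored): an explicit Deny wins over every Allow, and a
# request with no matching Allow is denied by default.
def matches?(stmt, caller_id, action, resource)
  principals = Array(stmt.dig('Principal', 'AWS'))
  hit = ->(pat) { pat.end_with?('*') ? resource.start_with?(pat.chomp('*')) : pat == resource }
  (principals.include?('*') || principals.include?(caller_id)) &&
    Array(stmt['Action']).include?(action) &&
    Array(stmt['Resource']).any?(&hit)
end

# caller_id: account that signed the URL, or nil for an anonymous request.
# identity_allows: true when the signer's own permissions permit the action.
def authorize(policy, caller_id, action, resource, identity_allows:)
  stmts = policy ? policy['Statement'].select { |s| matches?(s, caller_id, action, resource) } : []
  return :explicit_deny if stmts.any? { |s| s['Effect'] == 'Deny' }
  return :allow if identity_allows || stmts.any? { |s| s['Effect'] == 'Allow' }
  :implicit_deny
end

SIGNER = '1234-5678-9012'                     # placeholder account from the answer
OBJECT = 'arn:aws:s3:::bucketname/song.mp3'   # constructed object key

# The question's policy: Deny s3:GetObject to every principal.
DENY_ALL = JSON.parse(<<~POLICY)
  {"Statement": [{"Effect": "Deny", "Principal": {"AWS": "*"},
                  "Action": "s3:GetObject",
                  "Resource": "arn:aws:s3:::bucketname/*"}]}
POLICY

# An Allow scoped to one account, modelled on the answer's statement.
ALLOW_SIGNER = JSON.parse(<<~POLICY)
  {"Statement": [{"Effect": "Allow", "Principal": {"AWS": ["1234-5678-9012"]},
                  "Action": ["s3:GetObject"],
                  "Resource": ["arn:aws:s3:::bucketname/*"]}]}
POLICY

def scenarios
  {
    signed_with_deny_all: authorize(DENY_ALL, SIGNER, 's3:GetObject', OBJECT, identity_allows: true),
    signed_without_policy: authorize(nil, SIGNER, 's3:GetObject', OBJECT, identity_allows: true),
    signed_with_scoped_allow: authorize(ALLOW_SIGNER, SIGNER, 's3:GetObject', OBJECT, identity_allows: false),
    anonymous_with_scoped_allow: authorize(ALLOW_SIGNER, nil, 's3:GetObject', OBJECT, identity_allows: false)
  }
end

scenarios.each { |name, result| puts "#{name}: #{result}" }
```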
