是否可以限制AWS S3对象,以便仅通过AWS Cognito进行身份验证的用户才能访问该对象?我还没有找到一种方法来实现这一点,但我认为这是一个使用案例。
我想通过AWS S3托管网站并限制某些对象(我的页面),以便如果用户直接访问它们,则会收到权限被拒绝的错误。但如果用户通过AWS Cognito进行了身份验证,则应该可以访问该对象。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Deny access to objects in the secured directory.",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::domain.com/secured/*"
},
{
"Sid": "Only allowed authenticated users access to a specific bucket.",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::x:role/Cognito_Domain_IdP_Auth_Role"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::domain.com/secured/*"
},
{
"Sid": "Read access for web hosting.",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::domain.com/*"
}
]
}