admin管理员组

文章数量:1123711

Following scenario:

I want to share s3 content for example videos, but only with people from my own aws account. I dont give public access to the bucket, but i give the permissions for every aws user from my account to get the object.

But when i share the object URL and I or other people click on the URL, they get ACCESS DENIED. Why is that? I mean should s3 not check my cookies and check, whether I am allowed? If i go into the bucket, I can click on download like I am supposed to, but I find it very confusing, that I am not able to do this with the object URL.

Is the object URL somehow constraint or does AWS not check, whether I am logged in?

Following scenario:

I want to share s3 content for example videos, but only with people from my own aws account. I dont give public access to the bucket, but i give the permissions for every aws user from my account to get the object.

But when i share the object URL and I or other people click on the URL, they get ACCESS DENIED. Why is that? I mean should s3 not check my cookies and check, whether I am allowed? If i go into the bucket, I can click on download like I am supposed to, but I find it very confusing, that I am not able to do this with the object URL.

Is the object URL somehow constraint or does AWS not check, whether I am logged in?

  • amazon-web-services
  • amazon-s3
Share Improve this question asked yesterday DavidDavid 3,0135 gold badges37 silver badges86 bronze badges
Add a comment  | 

2 Answers 2

Reset to default 4

S3 will not check if the requesting people are logged into their AWS accounts. Instead, the request must use one of the authentication methods.

If you want to share links that can be opened in a browser, pre-signed URLs are usually a good way to go. However, they expire after a maximum expiration time of 7 days. If you want longer expiration times, Cloudfront has more options to share content from S3 buckets securely.

Yes, that object URL (e.g. https://mybucket.s3.us-east-1.amazonaws.com/cat.jpg) is only viable for publicly readable objects.

Your logged-in AWS console session is with a different domain, for example https://us-east-1.console.aws.amazon.com and your authentication to that domain is not relevant when you attempt to fetch an object URL (from a different domain).

If you're wondering how the S3 console allows you to download an object, it's because the S3 console generates a pre-signed object URL and fetches that. It does not fetch the native object URL.

本文标签: amazon web servicesIs the object URL in s3 only for public accessStack Overflow

版权声明:本文标题:amazon web services - Is the object URL in s3 only for public access? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1736590339a1945066.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。