保护S3的数据

[workshop] https://catalog.workshops.aws/s3demystify/en-US

跟着上面的workshop配置,您将全面保护您在Amazon S3中的最敏感数据。workshop将涵盖与AWS IAM、AWS KMS密钥策略、Amazon S3桶策略和Amazon VPC端点的整合。您将建立一个S3环境,实现一系列常见的安全要求:职责分离、基于网络的安全控制和服务级安全控制,利用基于角色的访问和基于属性的访问模式与Amazon S3对象标签。你将了解利用不同类型的访问控制的力量,将它们有效地应用到你自己的数据安全用例中。

S3 Presigned URLs - S3预签名

A user who does not have AWS credentials or permission to access an S3 object can be granted temporary access by using a presigned URL.

A presigned URL is generated by an AWS user who has access to the object. The generated URL is then given to the unauthorized user. The presigned URL can be entered in a browser or used by a program or HTML webpage. The credentials used by the presigned URL are those of the AWS user who generated the URL.

A presigned URL remains valid for a limited period of time which is specified when the URL is generated.

最后更新于