🎯 Learning objectives
- Understand the difference between Public Access Block and an S3 Bucket Policy
- Learn how to disable Public Access Block in order to allow public access
- Create an S3 Bucket Policy that allows read-only access (s3:GetObject)
- Use jsonencode in Terraform to convert a policy to JSON
- Deal with race conditions while the code is being applied
- Understand how to check permissions using IAM
Part 1: Understanding Public Access Block and security
Explanation
For people to be able to reach our static website, we have to disable the bucket's Public Access Block. This makes it possible for people outside AWS to read files from the bucket. However, we want to restrict that access to read operations only (viewing files), not writing or deletion.
Key points
- Public Access Block is a security layer in S3
- Bucket Policy is an additional layer that defines what each user can do
- Using both together provides multiple layers of security
- The s3:GetObject action lets users read specific files only
Part 2: Disabling Public Access Block
Explanation
We add a new resource named aws_s3_bucket_public_access_block. This resource defines the Public Access Block configuration for our bucket.
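
As an added example (not code from the original page), the following Terraform configuration ties the objectives above together: it relaxes the Public Access Block, attaches a read-only policy built with jsonencode, and orders the two resources to avoid the race condition. The resource names, the bucket name, and the choice to leave the two ACL settings enabled are assumptions.

```hcl
# Added example; resource names and the bucket name are assumptions.
resource "aws_s3_bucket" "site" {
  bucket = "example-static-site-bucket" # placeholder; bucket names are globally unique
}

# Relax only the two policy-related settings. The ACL-related settings stay
# on, because public read is granted through the bucket policy, not ACLs.
resource "aws_s3_bucket_public_access_block" "site" {
  bucket = aws_s3_bucket.site.id

  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = false # allow a public bucket policy to be attached
  restrict_public_buckets = false # allow anonymous requests under that policy
}

resource "aws_s3_bucket_policy" "public_read" {
  bucket = aws_s3_bucket.site.id

  # Race condition: without an explicit dependency Terraform may try to attach
  # the policy before the block above is relaxed, and S3 rejects it.
  depends_on = [aws_s3_bucket_public_access_block.site]

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "PublicReadGetObject"
      Effect    = "Allow"
      Principal = "*"
      Action    = "s3:GetObject"                # read only: no Put, Delete or List
      Resource  = "${aws_s3_bucket.site.arn}/*" # objects only, not the bucket itself
    }]
  })
}
```

Limiting Action to s3:GetObject and Resource to the object ARN pattern keeps anonymous callers from writing, deleting, or listing the bucket contents.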