s3¿¡ ÆÛºí¸¯ °´Ã¼¿Í ÇÁ¶óÀ̺ø °´Ã¼¸¦ µ×½À´Ï´Ù. (°¢°¢ public.jpg, private.jpg)
cloudfront origin ¼³Á¤¿¡¼ OAI ¸¦ ¸¸µé¾î¼ s3 bucket policy ¿¡ s3.GetObject Çã¿ë ÇØÁá½À´Ï´Ù.
cloudfront behavior ¼³Á¤¿¡¼ Restrict viewer access: NO ·Î ¼³Á¤ Çß½À´Ï´Ù.
ÀÌ°É YES ·Î Çؼ public key ³Ö¾îÁá´õ´Ï, s3ÀÇ public °´Ã¼µµ key pair id ¾øÀÌ´Â ¸ø °¡Á®¿À´õ¶ó±¸¿ä. (signed url ¿äûÇؾ߸¸ °¡Á®¿Ã ¼ö ÀÖÀ½)
ÇöÀç »óȲÀº ÀÌ·¸½À´Ï´Ù:
s3 url ·Î ¿äû½Ã public.jpg ´Â Ç¥½Ã°¡ µÇ°í private.jpg ´Â access deny °¡ ¶á´Ù. (Á¤»óÀÛµ¿)
cloudfront ¿äû½Ã public.jpg, private.jpg ¸ðµÎ Ç¥½Ã°¡ µÈ´Ù.
Á¦°¡ ¿øÇÏ´Â ÀÛµ¿Àº s3 url ·Î ¿äûÇßÀ» ¶§¿Í ¸¶Âù°¡Áö·Î,
cloudfront ·Î Á¢¼ÓÇؼ °¢°¢ÀÇ À̹ÌÁö ÆÄÀÏ¿¡ ´ëÇÑ ¿äûÀ» ÇßÀ» ¶§ public.jpg ´Â ±×´ë·Î Ç¥½ÃÇØÁÖ°í private.jpg ´Â access deny °¡ Ç¥½ÃµÇ´Â °ÍÀÔ´Ï´Ù. (cloudfront¿¡¼ private.jpgÀÇ signed urlÀ» ¿äûÇؼ ¾òÀº url ·Î¸¸ private.jpg À» Ç¥½ÃÇÏ°í ½Í½À´Ï´Ù.)
s3 bucket policy ¿¡¼ oai ºÎºÐ¿¡ condition string equals x-amz-acl: public-read ¸¦ ÁÖ·Á°í ÇغÃÀ¸³ª action s3.GetObject ¿Í resource: s3 bucket ¿¡ ´ëÇؼ ±× ÄÁµð¼ÇÀº ³ÖÀ» ¼ö ¾ø´Ù°í ÇÏ³×¿ä ¤Ð¤Ð ³Ê¹« È°¡ ³³´Ï´Ù
±×·¸´Ù°í restrict viewer access ¸¦ yes ·Î ÇÏÀÚ´Ï, ¸ðµç ÆÄÀÏ¿¡ ´ëÇØ signed url À» ¿äûÇؾߵǰí...
Á¦°¡ ¹» À߸øÇѰɱî¿ä ¤Ð¤Ð s3 °´Ã¼ÀÇ public access ¸¦ ¿Ö cloud front ´Â ¹«½ÃÇϴ°ǰ¡¿ä ¤Ð¤Ð 18.216.159.19 |
2021.08.10 17:50:51 |
aws cloudfront¿Í s3 ¿¬µ¿¿¡ °üÇÑ Áú¹® ¤Ð¤Ð |
Áú¹® | 2,345¸íÀÌ Àоú¾î¿ä. 18.216.159.19 | | 10
|
´ñ±Û 5°³ |
restrict viewer access ÇϼžßÁÒ | |
2021/08/10 18:07
|
yes·Î | |
2021/08/10 18:07
|
2 ±Ùµ¥ ±×·¯¸é public °´Ã¼¿¡ ´ëÇؼµµ signed url request ¸¦ ³¯·ÁÁà¾ß µÇ´øµ¥¿© ¤Ð¤Ð? missing key pair id Àΰ¡ ¹º°¡ ÇÏ´Â ¿¡·¯ ¶§¹®¿¡ ÆÛºí¸¯ °´Ã¼°¡ ¾È³ª¿Í¿ä... | |
2021/08/10 18:28
|
yes ·Î ÇÏ°í signed url ³¯·Á¾ßµÊÀ¯ | |
2021/08/10 20:38
|
4 ¾Æ... ÆÛºí¸¯À̸é s3·Î ¸®´ÙÀÌ·ºÆ® ÇÏ´Â ±×·± ±â´ÉÀº ¾ø´Â°Å±º¿©
±×³É ¹«Á¶°Ç signed ÇؾߵǴ°ų׿© ¤Ð¤Ð 1,2,4 °¨»çÇÕ´Ï´Ù..¤Ð¤Ð |
|
2021/08/10 21:09
|
¸Þ´º | ¸ñ·Ï | ¸ÇÀ§·Î | ·Î±×ÀÎ |