網頁

2022/5/7

AWS S3 bucket建立Access Point

AWS S3 bucket建立Access Point。


簡介

S3 bucket的access point為一個可供存取的網路接點,可在上面另外設定policy決定各種操作權限來簡化S3 bucket的管理。


事前要求

參考「AWS 建立S3 bucket並上傳檔案」建立S3 bucket s3-demo-bucket-202112151320


建立Access Point

在AWS console的S3 bucket選擇[Access Points]頁籤,點選[Create access point]。



[Access point name]設定名稱,範例為s3-demo-bucket。[Network origin]選擇[internet],可直接由網際網路存取。



[Block Public Access settings for this Access Point]維持預設的[Block all public access]



[Access Point policy]維持預設,然後按最下面的[Create access point]完成建立。



回到S3 bucket的[Access Points]頁籤或點選S3服務左側選單的[Access Points]即可看到建立的access point,點擊進入查看詳細資訊。



Access Point是S3 bucket的存取點,所以擁有的object同代表的S3 bucket。



點選Access Point的[Properties]頁籤可看到[Bucket]名稱、[Network origin]、[S3 URI]、[ARN]、[Access Point alias]等資訊。



Access point的ARN格式為arn:aws:s3:<region>:<account-id>:accesspoint/<resource>

  • <region> - S3 bucket的AWS區域。範例為ap-northeast-1
  • <account-id> - AWS帳戶ID。範例為400361196721
  • <resource> - Access point名稱。範例為s3-demo-bucket

所以範例access point的ARN為:
arn:aws:s3:ap-northeast-1:400361196721:accesspoint/s3-demo-bucket


AWS CLI測試

在AWS CLI以s3api list-objects-v2 --bucket <value>查詢S3 bucket的objects時,<value>輸入access point的ARN。輸入aws s3api list-objects-v2 --bucket arn:aws:s3:ap-northeast-1:400361196721:accesspoint/s3-demo-bucket如下。

$ aws s3api list-objects-v2 --bucket arn:aws:s3:ap-northeast-1:400361196721:accesspoint/s3-demo-bucket
{
    "Contents": [
        {
            "Key": "hello.txt",
            "LastModified": "2021-12-15T05:27:43+00:00",
            "ETag": "\"5eb63bbbe01eeed093cb22bb8f5acdc3\"",
            "Size": 11,
            "StorageClass": "STANDARD"
        }
    ]
}

效果同輸入bucket名稱aws s3api list-objects-v2 --bucket s3-demo-bucket-202112151320

$ aws s3api list-objects-v2 --bucket s3-demo-bucket-202112151320
{
    "Contents": [
        {
            "Key": "hello.txt",
            "LastModified": "2021-12-15T05:27:43+00:00",
            "ETag": "\"5eb63bbbe01eeed093cb22bb8f5acdc3\"",
            "Size": 11,
            "StorageClass": "STANDARD"
        }
    ]
}


Go AWS SDK測試

參考「Golang 從本機取得AWS S3 bucket objects清單」範例中bucket的值由原本的bucket名稱s3-demo-bucket-202112151320改為access point的ARNarn:aws:s3:ap-northeast-1:400361196721:accesspoint/s3-demo-bucket如下。

main.go

...
func main() {
    ctx := context.TODO()

    client := NewS3Client(ctx)

    bucket := "arn:aws:s3:ap-northeast-1:400361196721:accesspoint/s3-demo-bucket"
    output := GetListObjectsOutput(ctx, client, bucket)

    for _, object := range output.Contents {
        fmt.Printf("key=%s\n", aws.ToString(object.Key))
    }
}
...

執行Go應用程式輸出以下結果。

key=hello.txt

沒有留言:

張貼留言