AWS S3 bucket profile:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "allow-anon-put",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::dropbox-12345topsecrethash67890/*"
},
{
"Sid": "deny-other-actions",
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"NotAction": "s3:PutObject",
"Resource": "arn:aws:s3:::dropbox-12345topsecrethash67890/*",
"Condition": {
"StringNotEquals": {
"aws:UserAgent": "eeeeeebfbc080d001c5852b40edeeee"
}
}
}
]
}
Anyone who knows S3 bucketname can upload file:
curl --request PUT --upload-file "z" "https://s3-ap-southeast-2.
To download user must know S3 bucketname and secret UserAgent key:
curl --user-agent eeeeeebfbc080d001c5852b40edeeee https://s3-ap-southeast-2.
No comments:
Post a Comment