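我想通了。如果有人遇到类似问题,可以参考下面的存储桶策略。需要注意两点:`aws:Referer` 的值来自客户端发送的 HTTP 请求头,可以被伪造,因此它只能阻止普通的盗链,不能当作真正的访问控制;另外,显式 Deny 优先于 Allow,所以来自 52.12.34.56 但没有携带匹配 Referer 的 `s3:GetObject` 请求同样会被拒绝。策略如下: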
{
"Version": "2012-10-17",
"Id": "RestrictAccessPolicy",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::examplebucketname/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "52.12.34.56"
}
}
},
{
"Sid": "Allow get requests referred by referrer",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::examplebucketname/*",
"Condition": {
"StringLike": {
"aws:Referer": "http://yourwebsite.com/*"
}
}
},
{
"Sid": "Explicit deny to ensure requests are allowed only from specific referer.",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::examplebucketname/*",
"Condition": {
"StringNotLike": {
"aws:Referer": "http://yourwebsite.com/*"
}
}
}
]
}