我服务使用亚马逊S3存储一个静态的网站。我知道，我可以限制读取访问某些文件夹（真钥匙，因为S3没有文件夹），但我真的很想做的是通过文件扩展名限制访问。

I'm serving a static website using an Amazon S3 bucket. I know that I can limit read access to certain "folders" (really keys, since S3 doesn't have folders) but what I'd really like to do is limit access by file extension.

换句话说，我想说的是给读访问每个人在这个桶的任何文件，只要该文件HTM / CSS / JS / PNG结束;这可能吗？

In other words, I want to say "give read access to everyone for any file in this bucket, as long as that file ends in htm/css/js/png"; is that possible?

（顺便说一句，我担心的是，我会不小心上传git的文件，或类似的，我不希望展现给世界的东西;从被显示设置安全策略，以prevent此类文件似乎不是信任自己，永远不小心上传了错误的文件）更安全。

(As an aside, my concern is that I will accidentally upload a .git file, or something similar that I don't want to show to the world; setting a security policy to prevent such files from being shown seems safer than trusting myself to never accidentally upload the wrong file).

推荐答案

是的，这是可能的。你可以写一个桶政策。您可以使用常规的EX pressions定义哪些对象受您的策略（examples).

Yes, it's possible. You can write a Bucket Policy. You can use regular expressions to define which objects are affected by your policy (examples).

您政策将类似于：

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "auniqueid",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket/*.jpg"
        }
    ]
}

这将拒绝访问所有 JPG 的buket的文件斗。

This will deny access to all jpg files of the buket bucket.