Using AWS IAM temporary credentials (tags: credentials, AWS, IAM)

2023-09-11 09:53:59 Author: 旧情歌 trister

I have a server, which should provide temporary AWS credentials to the client. The credentials will be transmitted using HTTPS.

The client should be able to upload S3 files, as well as download them. The concern I have is the following:

I have multiple users accessing ONLY their own directory: /Users/someUser/myfile.png

You can set policies to allow or deny S3 in general, but you can't grant only the access to a specific path.

What should I do about this? Will the HTTPS transmission be enough?

Then my second question. If I hear "temporary credentials", I have a key in mind, that is valid for a couple of hours and then expires. But I'm not sure if IAM is really built for that. Should I provide the same credentials for all users? Or do I generate a key-pair for each client?

The server runs with PHP, the client with Objective-C.

Accepted answer

You can specify permissions on a path in Amazon S3. For more details see the following:

Using IAM Policies

Also, if you want to create "temporary credentials" you can use the AWS Security Token Service. This service allows you to create credentials that last from 1 - 36 hours and you can put a policy on those credentials to limit their access. For more details about the service see:

Security Token Service Reference

Finally, there is an article written for the AWS Mobile SDKs that does something similar. It has a server to issue temporary credentials to users that use an Amazon S3 bucket. It limits the users to a "sub-folder" of the bucket and also limits their actions. You can read about this sample here:

Credential Management for Mobile Applications

Hope this helps you get to the information you need.
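The two points of the answer above, a policy scoped to one user's path and a policy attached to STS temporary credentials, are illustrated below in an added example that is not part of the original answer and is not AWS's own sample code. It builds the per-user policy document for the /Users/someUser/ layout from the question, prepares the parameters that sts:GetFederationToken takes (the SDK call itself is not made, so this runs offline), and includes a minimal evaluator that shows one user's credentials cannot reach another user's prefix. The bucket name `example-bucket`, the function names and the evaluator are all assumptions for the illustration; the STS duration limits (15 minutes to 36 hours) and the 32-character federated user name limit are AWS's documented limits for GetFederationToken.

```python
"""Added example: scoping STS temporary credentials to one user's S3 prefix.

Hypothetical helper, not from the original answer or from AWS.  Assumes a
bucket named 'example-bucket' and the /Users/<user>/ layout from the question.
"""
import fnmatch
import json

BUCKET = "example-bucket"  # assumed bucket name for the illustration


def user_prefix(user: str) -> str:
    # Every user may only touch objects under Users/<user>/; reject names that
    # could escape that prefix or inject a wildcard into the policy.
    if not user or any(c in user for c in "/*?.") :
        raise ValueError("invalid user name")
    return f"Users/{user}/"


def scoped_policy(user: str) -> dict:
    """IAM policy document granting one user list/read/write on their own prefix.

    Passed as the Policy parameter of sts:GetFederationToken, it is intersected
    with the calling IAM user's own permissions, so the temporary credentials
    can never exceed what the issuing server itself is allowed to do.
    """
    prefix = user_prefix(user)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListOwnDirectory",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{BUCKET}",
                "Condition": {"StringLike": {"s3:prefix": [prefix + "*"]}},
            },
            {
                "Sid": "ReadWriteOwnObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{BUCKET}/{prefix}*",
            },
        ],
    }


def federation_token_request(user: str, hours: float) -> dict:
    """Parameters for sts:GetFederationToken; the actual call needs the AWS SDK."""
    seconds = int(hours * 3600)
    # GetFederationToken accepts 900 s (15 min) up to 129600 s (36 h).
    if not 900 <= seconds <= 129600:
        raise ValueError("duration out of range for GetFederationToken")
    return {
        "Name": user[:32],  # federated user name is limited to 32 characters
        "Policy": json.dumps(scoped_policy(user)),
        "DurationSeconds": seconds,
    }


def allows(policy: dict, action: str, key: str) -> bool:
    """Minimal evaluator: does the scoped policy allow `action` on object `key`?

    Models only the Allow statements and the resource wildcard used above.  Real
    IAM evaluation also applies explicit Deny statements and the permissions of
    the IAM user whose long-term keys called GetFederationToken.
    """
    arn = f"arn:aws:s3:::{BUCKET}/{key}"
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if action in actions and fnmatch.fnmatchcase(arn, stmt["Resource"]):
            return True
    return False


if __name__ == "__main__":
    alice = scoped_policy("alice")
    print(json.dumps(alice, indent=2))
    print(allows(alice, "s3:GetObject", "Users/alice/myfile.png"))  # True
    print(allows(alice, "s3:GetObject", "Users/bob/myfile.png"))    # False
    print(federation_token_request("alice", 12)["DurationSeconds"])  # 43200
```

Because the policy is applied per call, the server issues a different set of temporary credentials for each client rather than sharing one key, which answers the second question: the user name goes into `Name`, the prefix goes into `Policy`, and the expiry is set by `DurationSeconds`.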
