https://dev.classmethod.jp/articles/lim-s3-cors-2021/
-- 1. コマンド等のインストール
-- 1.1 aws cli version 2 インストール
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
aws --version
-- 2. S3 バケットを作成する
aws s3 mb s3://bucket123-1
aws s3 mb s3://bucket123-2
aws s3 ls
-- 3. バケットにオブジェクトをアップロードする
vim index.html
<!DOCTYPE html>
<html lang="en">
<head>
<title>Document</title>
</head>
<body>
<p>This is first page.</p>
</body>
<div id="tofetch">
<script>
var tofetch = document.getElementById("tofetch");
fetch('http://bucket123-2.s3-website-ap-northeast-1.amazonaws.com/secondpage.html')
.then((response) => {
return response.text();
})
.then((html) => {
tofetch.innerHTML = html
});
</script>
</html>
vim secondpage.html
<p>This is second page.</p>
vim error.html
<h1>This is error page.</h1>
aws s3api put-object --bucket bucket123-1 --key index.html --body index.html --content-type text/html
aws s3api put-object --bucket bucket123-1 --key error.html --body error.html --content-type text/html
aws s3api put-object --bucket bucket123-2 --key secondpage.html --body secondpage.html --content-type text/html
aws s3 ls s3://bucket123-1 --recursive
aws s3 ls s3://bucket123-2 --recursive
-- 4. 静的ウェブサイトホスティングの有効化
-- 4.1 bucket123-1の設定
vim a1.json
{
"IndexDocument": {
"Suffix": "index.html"
},
"ErrorDocument": {
"Key": "error.html"
}
}
aws s3api put-bucket-website \
--bucket bucket123-1 \
--website-configuration file://a1.json
aws s3api get-bucket-website \
--bucket bucket123-1
-- 4.2 bucket123-2の設定
vim a2.json
{
"IndexDocument": {
"Suffix": "secondpage.html"
}
}
aws s3api put-bucket-website \
--bucket bucket123-2 \
--website-configuration file://a2.json
aws s3api get-bucket-website \
--bucket bucket123-2
-- 5. パブリックアクセスブロック設定の編集
-- 5.1 アカウントレベル
aws s3control put-public-access-block \
--account-id 999999999999 \
--public-access-block-configuration "BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false"
aws s3control get-public-access-block \
--account-id 999999999999
-- 5.2 バケットレベル
aws s3api put-public-access-block \
--bucket bucket123-1 \
--public-access-block-configuration "BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false"
aws s3api get-public-access-block \
--bucket bucket123-1
aws s3api put-public-access-block \
--bucket bucket123-2 \
--public-access-block-configuration "BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false"
aws s3api get-public-access-block \
--bucket bucket123-2
-- 6. バケットポリシーの設定
-- 6.1 bucket123-1の設定
vim b1.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket123-1/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [ "203.0.113.1/32" ,"203.0.113.2/32" ]
}
}
}
]
}
※IPアドレス制限追加
aws s3api put-bucket-policy \
--bucket bucket123-1 \
--policy file://b1.json
aws s3api get-bucket-policy \
--bucket bucket123-1
-- 6.2 bucket123-2の設定
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket123-2/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [ "203.0.113.1/32" ,"203.0.113.2/32" ]
}
}
}
]
}
※IPアドレス制限追加
aws s3api put-bucket-policy \
--bucket bucket123-2 \
--policy file://b2.json
aws s3api get-bucket-policy \
--bucket bucket123-2
-- 7. CORSの設定
{
"CORSRules": [
{
"AllowedOrigins": ["http://bucket123-1.s3-website-ap-northeast-1.amazonaws.com"],
"AllowedHeaders": ["Authorization"],
"AllowedMethods": ["GET"],
"MaxAgeSeconds": 300,
"ExposeHeaders": []
}
]
}
aws s3api put-bucket-cors \
--bucket bucket123-2 \
--cors-configuration file://cors.json
aws s3api get-bucket-cors \
--bucket bucket123-2
-- 8. 動作確認
http://bucket123-1.s3-website-ap-northeast-1.amazonaws.com
→
CORS設定前は2行目が表示されない
CORS設定後は2行目が表示される
curl http://bucket123-1.s3-website-ap-northeast-1.amazonaws.com
http://bucket123-2.s3-website-ap-northeast-1.amazonaws.com/secondpage.html
curl http://bucket123-2.s3-website-ap-northeast-1.amazonaws.com/secondpage.html
-- 9. クリーンアップ
aws s3 rb s3://bucket123-1 --force
aws s3 rb s3://bucket123-2 --force
-- アカウントレベルのパブリックアクセスブロックの有効化
aws s3control put-public-access-block \
--account-id 999999999999 \
--public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
aws s3control get-public-access-block \
--account-id 999999999999