本篇文章延续《AWS CLI s3 常用命令大全》，介绍如何通过 CLI 对 AWS S3 存储桶的一些配置项进行操作和配置。
1. 基本S3存储桶创建
创建存储桶
# Bucket names are globally unique; "my-bucket-name" is a placeholder.
bucket=my-bucket-name
# Create the bucket in the region the CLI profile is currently configured for.
aws s3 mb "s3://${bucket}"
# Create the bucket in an explicitly chosen region instead.
aws s3 mb "s3://${bucket}" --region us-east-1
2. 开启S3存储桶加密
方法一:使用AWS CLI设置默认加密
bucket=my-bucket-name
# Default encryption with S3-managed keys (SSE-S3, AES-256): every new object
# is encrypted at rest without the uploader having to set any header.
aws s3api put-bucket-encryption \
  --bucket "$bucket" \
  --server-side-encryption-configuration \
  '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'
# Default encryption with a customer-managed KMS key (SSE-KMS).
# Replace the KMSMasterKeyID ARN below with your own key's ARN. The key must
# live in the bucket's region, and its key policy must allow the principals
# that read and write the bucket to use it, otherwise their requests are
# rejected.
aws s3api put-bucket-encryption \
  --bucket "$bucket" \
  --server-side-encryption-configuration \
  '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "arn:aws:kms:us-west-2:123456789012:key/your-key-id"}}]}'
# Read the effective configuration back to confirm the change applied.
aws s3api get-bucket-encryption --bucket "$bucket"
方法二:使用JSON文件配置
bucket=my-bucket-name
# Same SSE-S3 rule as above, kept in a file so it can be reviewed and reused.
# The quoted delimiter stops the shell from expanding anything inside the JSON.
cat > encryption-config.json <<'EOF'
{
"Rules": [
{
"ApplyServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
}
EOF
# Apply it; file:// makes the CLI read the parameter value from the file.
aws s3api put-bucket-encryption \
  --bucket "$bucket" \
  --server-side-encryption-configuration file://encryption-config.json
3. 设置版本控制
启用版本控制
bucket=my-bucket-name
# Turn on versioning so overwrites and deletes keep the previous object
# versions; this is what lets you recover from accidental or malicious
# deletion, and the NoncurrentVersionExpiration lifecycle rules depend on it.
# Adding MFADelete=Enabled to the configuration (together with --mfa) also
# requires an MFA code to delete versions; it can only be set with the
# root user's credentials.
aws s3api put-bucket-versioning \
  --bucket "$bucket" \
  --versioning-configuration Status=Enabled
# Show the current state; no output means versioning was never configured.
aws s3api get-bucket-versioning --bucket "$bucket"
# Versioning cannot be removed once enabled. "Suspended" only stops new
# versions from being created; existing versions remain and keep costing
# storage until a lifecycle rule or an explicit delete removes them.
aws s3api put-bucket-versioning \
  --bucket "$bucket" \
  --versioning-configuration Status=Suspended
4. 配置S3生命周期策略
创建生命周期策略
# Lifecycle policy with two rules, written to lifecycle-config.json.
#  - DeleteOldVersions: applies to the whole bucket (empty Prefix). Removes
#    non-current object versions 30 days after they stop being current (only
#    meaningful with versioning enabled) and aborts multipart uploads left
#    unfinished for 7 days, which otherwise keep billing for their parts.
#  - ArchiveOldFiles: objects under archive/ move to STANDARD_IA after 30
#    days, to GLACIER after 90, and are deleted after 365.
# The quoted delimiter keeps the JSON literal.
cat > lifecycle-config.json <<'EOF'
{
"Rules": [
{
"ID": "DeleteOldVersions",
"Status": "Enabled",
"Filter": {"Prefix": ""},
"NoncurrentVersionExpiration": {
"NoncurrentDays": 30
},
"AbortIncompleteMultipartUpload": {
"DaysAfterInitiation": 7
}
},
{
"ID": "ArchiveOldFiles",
"Status": "Enabled",
"Filter": {"Prefix": "archive/"},
"Transitions": [
{
"Days": 30,
"StorageClass": "STANDARD_IA"
},
{
"Days": 90,
"StorageClass": "GLACIER"
}
],
"Expiration": {
"Days": 365
}
}
]
}
EOF
# A minimal variant: a single rule that transitions every object in the
# bucket (empty Filter) to STANDARD_IA after 30 days.
cat > lifecycle-config-1.json <<'EOF'
{
"Rules": [{
"ID": "GameRule",
"Status": "Enabled",
"Filter": {},
"Transitions": [{
"Days": 30,
"StorageClass": "STANDARD_IA"
}]
}]
}
EOF
应用生命周期策略
bucket=my-bucket-name
# Apply the policy file. Note that a put replaces the bucket's entire
# lifecycle configuration, so include every rule you want to keep.
aws s3api put-bucket-lifecycle-configuration \
  --bucket "$bucket" \
  --lifecycle-configuration file://lifecycle-config.json
# Read back the rules currently in effect.
aws s3api get-bucket-lifecycle-configuration --bucket "$bucket"
# Remove all lifecycle rules from the bucket.
aws s3api delete-bucket-lifecycle --bucket "$bucket"
5. 完整的脚本示例
创建完整的S3存储桶配置脚本
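#!/bin/bash
# Create a new S3 bucket and apply a baseline configuration: block public
# access, default encryption (SSE-S3), versioning and a lifecycle policy,
# then read every setting back for verification.
# Requires the AWS CLI with credentials allowed to create and configure
# buckets. Stops at the first failing step instead of continuing with a
# half-configured bucket.
set -euo pipefail

# Configuration
BUCKET_NAME="my-production-bucket-$(date +%Y%m%d-%H%M%S)"
REGION="us-west-2"

# The lifecycle JSON goes into a private temp file rather than the working
# directory (no clobbering of an existing lifecycle-config.json) and is
# removed on every exit path, including failures.
LIFECYCLE_FILE="$(mktemp)"
cleanup() { rm -f -- "$LIFECYCLE_FILE"; }
trap cleanup EXIT

echo "创建S3存储桶: $BUCKET_NAME"
# 1. Create the bucket
aws s3 mb "s3://${BUCKET_NAME}" --region "$REGION"

# 1b. Block every form of public access (ACLs and bucket policies) before
# any data lands in the bucket; a production bucket should not be reachable
# anonymously.
echo "阻止公共访问..."
aws s3api put-public-access-block \
  --bucket "$BUCKET_NAME" \
  --public-access-block-configuration \
  BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true

# 2. Default encryption at rest with S3-managed keys
echo "设置默认加密..."
aws s3api put-bucket-encryption \
  --bucket "$BUCKET_NAME" \
  --server-side-encryption-configuration \
  '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'

# 3. Versioning (required for the NoncurrentVersionExpiration rule below)
echo "启用版本控制..."
aws s3api put-bucket-versioning \
  --bucket "$BUCKET_NAME" \
  --versioning-configuration Status=Enabled

# 4. Lifecycle policy. The key names must follow the S3 API shape used by
# the CLI (NoncurrentVersionExpiration/NoncurrentDays, Expiration/Days);
# the CloudFormation-style "...InDays" names are rejected as unknown
# parameters.
cat > "$LIFECYCLE_FILE" <<'EOF'
{
"Rules": [
{
"ID": "DeleteOldVersions",
"Status": "Enabled",
"Filter": {"Prefix": ""},
"NoncurrentVersionExpiration": {
"NoncurrentDays": 30
},
"AbortIncompleteMultipartUpload": {
"DaysAfterInitiation": 7
}
},
{
"ID": "ArchiveOldFiles",
"Status": "Enabled",
"Filter": {"Prefix": "archive/"},
"Transitions": [
{
"Days": 30,
"StorageClass": "STANDARD_IA"
},
{
"Days": 90,
"StorageClass": "GLACIER"
}
],
"Expiration": {
"Days": 365
}
}
]
}
EOF
echo "应用生命周期策略..."
aws s3api put-bucket-lifecycle-configuration \
  --bucket "$BUCKET_NAME" \
  --lifecycle-configuration "file://${LIFECYCLE_FILE}"

# 5. Read everything back so the run log shows what is actually in effect
echo "验证配置..."
echo "存储桶加密:"
aws s3api get-bucket-encryption --bucket "$BUCKET_NAME"
echo "版本控制状态:"
aws s3api get-bucket-versioning --bucket "$BUCKET_NAME"
echo "生命周期策略:"
aws s3api get-bucket-lifecycle-configuration --bucket "$BUCKET_NAME"

# Temp file is removed by the EXIT trap.
echo "S3存储桶配置完成!"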
6. 高级配置选项
设置跨域访问控制(CORS)
bucket=my-bucket-name
# CORS rule written to cors-config.json. AllowedOrigins is the control that
# matters: keep it to the exact origins that need browser access rather than
# "*". AllowedHeaders "*" only affects which request headers the browser may
# send; it grants no S3 permissions by itself.
cat > cors-config.json <<'EOF'
{
"CORSRules": [
{
"AllowedHeaders": ["*"],
"AllowedMethods": ["GET", "POST", "PUT"],
"AllowedOrigins": ["https://www.example.com"],
"MaxAgeSeconds": 3000
}
]
}
EOF
# Apply the CORS configuration from the file.
aws s3api put-bucket-cors \
  --bucket "$bucket" \
  --cors-configuration file://cors-config.json
设置访问控制列表(ACL)和权限
bucket=my-bucket-name
# Canned ACL "private": only the bucket owner gets access via the ACL.
# NOTE(review): buckets created with the current default object-ownership
# setting have ACLs disabled and accept only "private" here; prefer Block
# Public Access plus bucket policies over ACLs for access control.
aws s3api put-bucket-acl \
  --bucket "$bucket" \
  --acl private
# Same canned ACL on a single object.
aws s3api put-object-acl \
  --bucket "$bucket" \
  --key my-file.txt \
  --acl private
7. 验证和监控
验证所有配置
bucket=my-bucket-name
# Exit status 0 means the bucket exists and the caller is allowed to reach
# it; anything else is printed as an error.
aws s3api head-bucket --bucket "$bucket"
# List every object, descending into all prefixes.
aws s3 ls "s3://${bucket}" --recursive
监控和日志
bucket=my-bucket-name
# Server access logging: every request to the bucket is recorded under
# logs/ in my-log-bucket. Use a separate bucket in the same region as the
# log target (logging a bucket into itself loops), and make sure that
# target bucket's policy lets the S3 logging service write to it,
# otherwise no log objects are delivered and nothing reports the failure.
aws s3api put-bucket-logging \
  --bucket "$bucket" \
  --bucket-logging-status \
  '{"LoggingEnabled": {"TargetBucket": "my-log-bucket", "TargetPrefix": "logs/"}}'
这些命令提供了完整的S3存储桶配置,包括安全性、版本控制、生命周期管理等关键功能。您可以根据具体需求调整配置参数。