AWS S3生成签名的URL``AccessDenied'' [英] AWS S3 Generating Signed Urls ''AccessDenied''
问题描述
我正在使用NodeJs将文件上传到AWS S3。我希望客户端能够安全地下载文件。因此,我正在尝试生成签名的URL,这些URL在一次使用后会过期。我的代码如下:
I am using NodeJs to upload files to AWS S3. I want the client to be able to download the files securely. So I am trying to generate signed URLs, that expire after one usage. My code looks like this:
上传
const s3bucket = new AWS.S3({
accessKeyId: 'my-access-key-id',
secretAccessKey: 'my-secret-access-key',
Bucket: 'my-bucket-name',
})
const uploadParams = {
Body: file.data,
Bucket: 'my-bucket-name',
ContentType: file.mimetype,
Key: `files/${file.name}`,
}
s3bucket.upload(uploadParams, function (err, data) {
// ...
})
下载
const url = s3bucket.getSignedUrl('getObject', {
Bucket: 'my-bucket-name',
Key: 'file-key',
Expires: 300,
})
问题
打开URL时,我得到以下信息:
When opening the URL I get the following:
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Code>AccessDenied</Code>
<Message>
There were headers present in the request which were not signed
</Message>
<HeadersNotSigned>host</HeadersNotSigned>
<RequestId>D63C8ED4CD8F4E5F</RequestId>
<HostId>
9M0r2M3XkRU0JLn7cv5QN3S34G8mYZEy/v16c6JFRZSzDBa2UXaMLkHoyuN7YIt/LCPNnpQLmF4=
</HostId>
</Error>
我无法找到错误。我真的很感谢您的帮助:)
I coultn't manage to find the mistake. I would really appreciate any help :)
推荐答案
您的代码正确,请仔细检查以下内容:
Your code is correct, double check the following things:
-
您的存储桶访问策略。
Your bucket access policy.
您的存储桶权限通过您的API密钥。
Your bucket permission via your API key.
您的API密钥和机密。
Your API key and secret.
您的存储桶名称和密钥。
Your bucket name and key.
对于存储桶策略,您可以使用以下命令:
For bucket policy you can use the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket/*"
}
]
}
用您的存储桶名称更改存储桶。
Change bucket with your bucket name.
对于用户和访问密钥权限(#2),您应遵循以下步骤:
For users and access key permission (#2), you should follow these steps:
1-Goto AWS Identity and d访问管理(IAM),然后单击策略链接,然后单击创建策略按钮。
1-Goto AWS Identity and Access Management (IAM) and click on Policies link and click on "Create policy" button.
2-选择JSON标签。
2-Select the JSON tab.
3-输入以下语句,确保更改存储桶名称,然后单击查看策略按钮。
3-Enter the following statement, make sure change the bucket name and click on "review policy" button.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::YOURBUCKETNAME"
}
]
}
4-输入名称您的策略,然后单击创建策略按钮。
4-Enter a name for your policy and click on "Create policy" button.
5-点击用户链接,找到您当前的用户名(您已经具有该用户名的访问密钥和秘密)
5-Click on Users link, and find your current username (You already have the access key and secret for that)
6-单击添加权限按钮。
6-Click on "add permission" button.
7-添加在上一步中创建的策略并保存。
7-Add the policy we created in the previous step and save.
最后,确保无法从公共访问您的存储桶,将正确的内容类型添加到文件中,并设置 signatureVersion:'v4'
Finally, make sure your bucket not accessible from Public, add the correct content type to your file and set signatureVersion: 'v4'
最终代码应该像这样,谢谢@Vaisakh PS:
The final code should be like this, thanks @Vaisakh PS:
const s3bucket = new AWS.S3({
signatureVersion: 'v4',
accessKeyId: 'my-access-key-id',
secretAccessKey: 'my-secret-access-key',
Bucket: 'my-bucket-name',
})
const uploadParams = {
Body: file.data,
Bucket: 'my-bucket-name',
ContentType: file.mimetype,
Key: `files/${file.name}`,
}
s3bucket.upload(uploadParams, function (err, data) {
// ...
})
const url = s3bucket.getSignedUrl('getObject', {
Bucket: 'my-bucket-name',
Key: 'file-key',
Expires: 300,
})
这篇关于AWS S3生成签名的URL``AccessDenied''的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!