适用于S3文件复制的AWS开发工具包v2 AllAccessDisabled错误 [英] AWS SDK v2 AllAccessDisabled error for S3 file copy
问题描述
我正在用我编写的Rails应用程序切换到新的aws-sdk,并且终生无法在v2 sdk中找到相应的工作方法.我也遇到无法解决的访问被拒绝问题.
I'm in the process of switching over to the new aws-sdk in a rails app I wrote and cannot for the life of me find working corresponding methods in the v2 sdk. I'm also running into access denied issues I can't work out.
我使用v1 sdk的方式是用户使用上传"命名空间键直接上传到s3,并在创建要处理的对象后,通过回调将文件移至长期键并删除旧的.这是一个示例:
The way I make use of the v1 sdk is that users directly upload to s3 using an "uploads" namespaced key, and after they create the object they're working on, a callback moves the file to the longterm key and deletes the old one. Here is an example of that:
def move_file
old_key = s3_key
new_key = "#{self.class.table_name}/#{id}/#{Digest::SHA1.hexdigest([Time.now, rand].join)}/#{filename}"
AWS.config(access_key_id: ENV['AWS_ACCESS_KEY_ID'], secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'], region: 'us-east-1')
s3 = AWS::S3.new
bucket_name = ENV['AWS_S3_BUCKET']
bucket = s3.buckets[bucket_name]
object = bucket.objects[old_key]
begin
object.move_to new_key, :acl => :public_read
rescue AWS::S3::Errors::NoSuchKey
errors.add(:base, "Oops! Something went wrong uploading your file. Please try again, and if the problem persists, open a trouble ticket.")
end
if !bucket.objects[old_key].exists? && bucket.objects[new_key].exists?
update_column(:s3_key, new_key)
end
end
效果很好,但现在我正尝试更新到新的SDK.我一直在尝试的是这样:
Works great, but now I'm trying to update to the new sdk. What I've been trying is this:
def move_file
old_key = file
new_key = "#{self.class.table_name}/#{id}/#{Digest::SHA1.hexdigest([Time.now, rand].join)}/#{filename}"
s3 = Aws::S3::Client.new
begin
s3.copy_object({copy_source:old_key, key:new_key, bucket: ENV['AWS_S3_BUCKET'], acl:'public-read'})
s3.delete_object({bucket: ENV['AWS_S3_BUCKET'], key:old_key})
update_column(:file, new_key)
rescue Aws::S3::Errors::ServiceError
errors.add(:base, "Oops! Something went wrong uploading your file. Please try again, and if the problem persists, open a trouble ticket.")
end
end
每当我尝试移动上载的文件时,它都会引发并出错- Aws :: S3 :: Errors :: AllAccessDisabled:对该对象的所有访问权限均已禁用
Whenever I try to move the uploaded file it throws and error - Aws::S3::Errors::AllAccessDisabled: All access to this object has been disabled
我尝试更改处理安全凭证的方式.我不是在裸访问密钥/秘密密钥对上,而是在IAM中创建了一个用户,附加了一个策略,该策略授予他们对S3的完全访问权限,并尝试使用这些凭据,但无济于事.
I have tried changing the way I handle security credentials. Instead of a naked access key/ secret key pair, I created a user in IAM, attached a policy that grants them full access to S3 and tried using those credentials, to no avail.
我做错了什么?但是,如果有人熟悉新的sdk,我的copy_object方法是否正确?
What am I doing wrong? But also, if anyone is familiar with the new sdk, is my copy_object approach even correct?
推荐答案
该错误是由传递给#copy_object
的:copy_source
值引起的.此值必须是源存储桶和源密钥,并用斜杠(/)分隔:
The error is caused by the :copy_source
value you are passing to #copy_object
. This value must be the source bucket and source key, separated by a slash (/):
"#{sourcebucket}/#{sourcekey}"
您的old_key
值包含一个正斜杠. Amazon S3正在采用该密钥的第一个路径段,并将其视为存储桶名称.由于您没有该存储桶的权限,因此收到了auth错误.您的凭据配置可能还不错.
Your old_key
value contains a forward slash. Amazon S3 is taking the first path segment of that key and treating it as a bucket name. Because you do not have permission to that bucket, you are getting an auth error. Your credential configuration is probably just fine.
要更正此错误:
def move_file
bucket = ENV["AWS_S3_BUCKET"]
old_key = file
new_key = "#{self.class.table_name}/#{id}/#{Digest::SHA1.hexdigest([Time.now, rand].join)}/#{filename}"
s3 = Aws::S3::Client.new
begin
s3.copy_object(bucket:bucket, key:new_key, copy_source:"#{bucket}/#{old_key}", acl:'public-read')
s3.delete_object(bucket:bucket, key:old_key)
update_column(:file, new_key)
rescue Aws::S3::Errors::ServiceError
errors.add(:base, "Oops! Something went wrong uploading your file. Please try again, and if the problem persists, open a trouble ticket.")
end
end
这篇关于适用于S3文件复制的AWS开发工具包v2 AllAccessDisabled错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!