用于上传文件的 AWS S3 generate_presigned_url 与 generate_presigned_post [英] AWS S3 generate_presigned_url vs generate_presigned_post for uploading files

问题描述

我正在使用预签名 URL 将文件上传和下载到 S3 存储桶.我遇到了这两种方法 generate_presigned_url('put_object') 和 generate_presigned_post.

这两种方法有什么区别?

# 使用 generate_presigned_url 和 put 对象上传文件到存储桶s3_client.generate_presigned_url('put_object', Params= {'Bucket': "BUCKET_NAME",密钥":OBJECT_KEY"}，过期时间 = 3600)# 使用预先签名的帖子将文件上传到存储桶s3_client.generate_presigned_post(Bucket=BUCKET_NAME", Key=OBJECT_PATH",过期时间 = 3600)

谁能解释一下两者的区别?

如果我们有 generate_presigned_post 为什么有一个带有 put_object 的 generate_presigned_url 方法用于上传.

注意:我知道generate_presigned_post 是推荐的文件上传方法，我也使用过.但是，没有明确的文档说明这些方法之间的区别.

解决方案

这是@jellycsc 评论的扩展版本.我也向 aws 支持发布了相同的查询.我从他们那里得到了以下答案.

更详细的解释在这里

在这里发布，因为它可能对某人有用.

这两种方法有什么区别?

由于 POST generate_presigned_post() 更加强大="noreferrer">政策 功能.POST 策略只是您在创建预签名 POST 时设置的条件.使用它，您可以允许某些 MIME 类型和文件扩展名，允许使用给定前缀上传多个文件，限制文件大小等等，这在 generate_presigned_url()

请注意，这两种方法都可用于实现相同的目标，即为用户提供可控制的方式将文件直接上传到 S3 存储桶.两者的过程也是一样的，后端需要在验证用户被授权后对请求进行签名，然后浏览器将文件直接发送到 S3.

区别:

网址结构:

PUT URL 对 URL 本身中的所有内容进行编码，因为没有其他内容返回给客户端.这意味着可以自定义的变量更少.

POST URL 对不同类型的信息使用多个字段.签名算法返回一个字段列表以及 URL 本身，客户端在访问预签名 URL 时也必须将这些字段发送到 S3.

虽然 PUT URL 提供了一个上传文件的目的地，没有任何其他必需的部分，但 POST URL 是为可以发送多个字段的表单制作的.但是，它们的用途不限于表单.

内容类型

对于 PUT URL，必须针对特定内容类型进行签名.这意味着您要么在后端对内容类型进行硬编码，例如，如果您希望允许用户上传 XML 文档，则为 application/xml，或者客户端必须发送所需的内容类型作为签名请求的一部分.

对于 POST URL，该策略支持前缀约束以及完全匹配.

内容长度:

对于 PUT URL，您无法控制上传文件的大小.

对于 POST URL，您可以在策略中设置允许的范围.

python 中的预签名帖子示例:

response = s3_client.generate_presigned_post(Bucket=BUCKET_NAME",密钥=S3KEY"，字段={内容类型":图像/jpg"}，条件=[开始"，$Content-Type"，图像/"]，过期时间 = 3600)

I was working on uploading and downloading a file to S3 bucket using pre-signed URLs.I came across these two methods generate_presigned_url('put_object') and generate_presigned_post.

What is the difference between these two methods?

# upload a file to a bucket with generate_presigned_url with put object
s3_client.generate_presigned_url('put_object', Params= {'Bucket': "BUCKET_NAME",
                                                        "Key":"OBJECT_KEY"},
                                                         ExpiresIn=3600)
  

# upload a file to a bucket using presigned post
s3_client.generate_presigned_post(Bucket="BUCKET_NAME", Key="OBJECT_PATH",
                                  ExpiresIn=3600)

Could someone please explain the difference between both?

If we have generate_presigned_post why was there a generate_presigned_url method with put_object for uploading in the first place.

Note : I know that generate_presigned_post is the recommended method for file uploads and I have used the same. However, there is no clear documentation on the difference between these methods.

解决方案

This is an extended version of @jellycsc's comment. I had posted the same query to aws support as well. I got the below answer from them.

More detailed explanation is given here

Posting here as it could be useful for someone.

What is the difference between these two methods?

generate_presigned_post() is more powerful because of the POST Policy feature. The POST Policy is simply conditions you set when creating the presigned POST. Using it, you can allow certain MIME types and file extensions, allow multiple files to be uploaded with a given prefix, restrict the file size, and more, which is not possible in generate_presigned_url()

Please note that both the methods can be used to fulfill the same goal, i.e provide controlled way for users to upload files directly to S3 buckets. The process is also the same for both as the backend needs to sign the request after validating that the user is authorized then the browser sends the file directly to S3.

Differences:

URLStructure:

PUT URLs encode everything in the URL itself as there is nothing else communicated back to the client. This means fewer variables can be customized.

POST URLs use multiple fields for different kinds of information. The signing algorithm returns a list of fields along with the URL itself and the client must send those to S3 as well while accessing the presigned URL.

While PUT URLs provide a destination to upload files without any other required parts, POST URLs are made for forms that can send multiple fields. However, their usage is not limited to forms.

Content Type

For PUT URLs the signing must be done for a specific content type. That means you either hardcode a content type on the backend, for example, application/xml if you want to allow users to upload XML documents, or the client must send the desired content type as part of the signing request.

For POST URLs the policy supports a prefix constraint as well as an exact match.

Content-Length:

In case of PUT URLs, you have no control over the size of the uploaded file.

For POST URLs you can set an allowed range in the policy.

Sample presigned post in python:

response = s3_client.generate_presigned_post(Bucket="BUCKET_NAME",
                                                     Key="S3KEY",
                                                     Fields={"Content-Type": "image/jpg"},
                                                     Conditions=["starts-with", "$Content-Type", "image/"],
                                                     ExpiresIn=3600)

这篇关于用于上传文件的 AWS S3 generate_presigned_url 与 generate_presigned_post的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！