为什么“缺少键对ID查询参数或Cookie值” [英] Why 'Missing Key-Pair-Id query parameter or cookie value'
问题描述
我正在尝试使用签名的URL通过AWS cloudfront将S3存储桶作为私有内容提供。
I am trying use signed url to serve S3 bucket as private content via AWS cloudfront.
但是我一直收到此错误'缺少键对ID查询参数或Cookie值
However I keep getting this error 'Missing Key-Pair-Id query parameter or cookie value'
<Error>
<Code>MissingKey</Code>
<Message>
Missing Key-Pair-Id query parameter or cookie value
</Message>
</Error>
以下是示例网址
< A HREF =http://test.example.com/TestContent/test.html?Expires=1431195459&Signature=DSk8HwFScg6EFJla1p8UHB9EM28zXB7k5AwrXZjzByzdlTSMCG-md6MvUFT~pneaahfPbCcvxNWqZNYu5Dc1IE1JrjOhFP52APFsVmJDlPmqoQzOoCECclEsSvMpTPgva8L4TazDLtI6E5EuV632y76ZA8XoT2KHhzcj7ux9XhvQ6wyiiQxK9rb13sZJ~Cm~4qI-028dd6UkEIu1tUIM~SFh72wYjik7v8sfz2z5T5bZGZJrrfryO0zA9wpkabFA8JkrmfuBm55XWqcVk5OSOkrNn7iyuXwmrEeBJxufaiWE84UbfS8He12fh6~-seTr7UnOCtC4mBf4qlGsxCzKiw__&Key-Pair-Id=my -test键的rel = noreferrer> http://test.example.com/TestContent/test.html?Expires=1431195459&Signature=DSk8HwFScg6EFJla1p8UHB9EM28zXB7k5AwrXZjzByzdlTSMCG-md6MvUFT~pneaahfPbCcvxNWqZNYu5Dc1IE1JrjOhFP52APFsVmJDlPmqoQzOoCECclEsSvMpTPgva8L4TazDLtI6E5EuV632y76ZA8XoT2KHhzcj7ux9XhvQ6wyiiQxK9rb13sZJ~Cm~4qI-028dd6UkEIu1tUIM~SFh72wYjik7v8sfz2z5T5bZGZJrrfryO0zA9wpkabFA8JkrmfuBm55XWqcVk5OSOkrNn7iyuXwmrEeBJxufaiWE84UbfS8He12fh6~-seTr7UnOCtC4mBf4qlGsxCzKiw__&密钥对ID = my-tes t键
我已验证签名中没有任何无效字符('+','=','/')。
I have verified that I do not have any invalid characters ('+', '=', '/') in the signature.
并且密钥对ID
显然出现在签名的网址中。
And Key-Pair-Id
is clearly present in the signed url.
我的问题:
1) my-test-key
是使用我的IAM创建的。
1) my-test-key
is created using my IAM. Is it a problem?
2)是否必须在签名的url中提供策略?
2) Is it a must to provide a policy in a signed url?
3)我是否需要将对象 TestContent / test.html
的任何权限授予OAI?
3) Do I need to grant any permission to the object TestContent/test.html
to the OAI?
编辑
如果我将Key-Pair-Id值更改为其他值,我会收到一条不同的错误消息
If I change the Key-Pair-Id value to something else, I will get a different error message
<Error>
<Code>InvalidKey</Code>
<Message>Unknown Key</Message>
</Error>
因此,aws cloudfront显然接受了Key-Pair-Id。
So apparently Key-Pair-Id is accepted by aws cloudfront.
推荐答案
您必须使用CloudFront特定的密钥对。有关如何下载或上传自己的公钥的更多信息:
You have to use CloudFront specific key pairs. More information on how to download or upload your own public key:
http://docs.aws.amazon.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#KeyPairs
这篇关于为什么“缺少键对ID查询参数或Cookie值”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!