为什么“缺少键对ID查询参数或Cookie值” [英] Why 'Missing Key-Pair-Id query parameter or cookie value'

问题描述

我正在尝试使用签名的URL通过AWS cloudfront将S3存储桶作为私有内容提供。

I am trying use signed url to serve S3 bucket as private content via AWS cloudfront.

但是我一直收到此错误'缺少键对ID查询参数或Cookie值

However I keep getting this error 'Missing Key-Pair-Id query parameter or cookie value'

<Error>
<Code>MissingKey</Code>
<Message>
Missing Key-Pair-Id query parameter or cookie value
</Message>
</Error>

以下是示例网址

< A HREF =http://test.example.com/TestContent/test.html?Expires=1431195459&Signature=DSk8HwFScg6EFJla1p8UHB9EM28zXB7k5AwrXZjzByzdlTSMCG-md6MvUFT~pneaahfPbCcvxNWqZNYu5Dc1IE1JrjOhFP52APFsVmJDlPmqoQzOoCECclEsSvMpTPgva8L4TazDLtI6E5EuV632y76ZA8XoT2KHhzcj7ux9XhvQ6wyiiQxK9rb13sZJ~Cm~4qI-028dd6UkEIu1tUIM~SFh72wYjik7v8sfz2z5T5bZGZJrrfryO0zA9wpkabFA8JkrmfuBm55XWqcVk5OSOkrNn7iyuXwmrEeBJxufaiWE84UbfS8He12fh6~-seTr7UnOCtC4mBf4qlGsxCzKiw__&Key-Pair-Id=my -test键的rel = noreferrer> http://test.example.com/TestContent/test.html?Expires=1431195459&Signature=DSk8HwFScg6EFJla1p8UHB9EM28zXB7k5AwrXZjzByzdlTSMCG-md6MvUFT~pneaahfPbCcvxNWqZNYu5Dc1IE1JrjOhFP52APFsVmJDlPmqoQzOoCECclEsSvMpTPgva8L4TazDLtI6E5EuV632y76ZA8XoT2KHhzcj7ux9XhvQ6wyiiQxK9rb13sZJ~Cm~4qI-028dd6UkEIu1tUIM~SFh72wYjik7v8sfz2z5T5bZGZJrrfryO0zA9wpkabFA8JkrmfuBm55XWqcVk5OSOkrNn7iyuXwmrEeBJxufaiWE84UbfS8He12fh6~-seTr7UnOCtC4mBf4qlGsxCzKiw__&密钥对ID = my-tes t键

我已验证签名中没有任何无效字符（'+'，'='，'/'）。

I have verified that I do not have any invalid characters ('+', '=', '/') in the signature.

并且密钥对ID 显然出现在签名的网址中。

And Key-Pair-Id is clearly present in the signed url.

我的问题：

1） my-test-key 是使用我的IAM创建的。

1) my-test-key is created using my IAM. Is it a problem?

2）是否必须在签名的url中提供策略？

2) Is it a must to provide a policy in a signed url?

3）我是否需要将对象 TestContent / test.html 的任何权限授予OAI？

3) Do I need to grant any permission to the object TestContent/test.html to the OAI?

编辑

如果我将Key-Pair-Id值更改为其他值，我会收到一条不同的错误消息

If I change the Key-Pair-Id value to something else, I will get a different error message

<Error>
<Code>InvalidKey</Code>
<Message>Unknown Key</Message>
</Error>

因此，aws cloudfront显然接受了Key-Pair-Id。

So apparently Key-Pair-Id is accepted by aws cloudfront.

推荐答案

您必须使用CloudFront特定的密钥对。有关如何下载或上传自己的公钥的更多信息：

You have to use CloudFront specific key pairs. More information on how to download or upload your own public key:

http://docs.aws.amazon.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#KeyPairs

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs

这篇关于为什么“缺少键对ID查询参数或Cookie值”的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！