boto3签名与S3不匹配 [英] boto3 signature doesn't match with S3
问题描述
我正在尝试使用boto3
从Heroku
上传到S3
,但是我一直收到错误<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
.我尝试使用pre-signed post
和pre-signed url
,但错误仍然存在.我提供给Heroku进行请求的凭据是我的根AWSAccessKeyID和密钥,因此权限不应该有问题.我可以从命令行直接上传到S3.
I'm trying to make an upload from Heroku
to S3
using boto3
but I keep getting the error <Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
. I've tried using a pre-signed post
and a pre-signed url
but the error persists. The credentials that I'm providing to Heroku to make the request are my root AWSAccessKeyID and Secret key, so I shouldn't have issues with permissions. I'm able to directly upload to S3 from my command line.
生成预签名帖子后返回的值:
Values returned after generating a pre-signed post:
{'fields': {'x-amz-signature': '26eff5417d0d11a25dd294b059a088e2be37a97f14713962f4240c9f4e33febb', 'x-amz-algorithm': 'AWS4-HMAC-SHA256', 'key': u'sound.m4a', 'x-amz-credential': u'<AWSAccessID>/20161011/us-east-1/s3/aws4_request', 'policy': u'eyJjb25kaXRpb25zIjogW3siYnVja2V0IjogImZ1dHVyZWZpbGVzIn0sIHsia2V5IjogInNvdW5kLm00YSJ9LCB7IngtYW16LWFsZ29yaXRobSI6ICJBV1M0LUhNQUMtU0hBMjU2In0sIHsieC1hbXotY3JlZGVudGlhbCI6ICJBS0lBSTdLRktCTkJTNEM0VktKQS8yMDE2MTAxMS91cy1lYXN0LTEvczMvYXdzNF9yZXF1ZXN0In0sIHsieC1hbXotZGF0ZSI6ICIyMDE2MTAxMVQyMDM4NDlaIn1dLCAiZXhwaXJhdGlvbiI6ICIyMDE2LTEwLTExVDIxOjM4OjQ5WiJ9', 'x-amz-date': '20161011T203849Z'}, 'url': u'https://s3.amazonaws.com/bucketname'}
当前在Heroku上的代码:
Code currently on Heroku:
@api.route('/post_track', methods=['POST'])
@login_required
def post_track():
if request.method == 'POST':
file = request.files['file']
track = Track.upload_fromJSON(request.form.get('share'), request.form.get('title'))
//Postgres entry
conn = get_conn()
with conn.cursor() as cur:
cur.execute('INSERT INTO tracks(user_id, title, share)'
'VALUES (%s, %s, %s) RETURNING id;',
(track.user_id, track.title, track.share))
track_id = cur.fetchone()[0]
conn.commit()
//Obtain pre-signed request
signed_request = get_signed_request(track.title, request.form.get('type'), track_id, file)
return json.dumps({'response':signed_request})
def get_signed_request(title, type, track_id, file):
S3_BUCKET = os.environ.get('S3_BUCKET')
file_name = title
file_type = type
region = 'us-east-1'
s3 = boto3.client('s3', region_name=region, config=Config(signature_version='s3v4'))
presigned_post = s3.generate_presigned_post(
Bucket = S3_BUCKET,
Key = file_name
)
files = {'file': file}
r_response = requests.post(presigned_post["url"], data=presigned_post["fields"], files=files)
print(r_response)
print(r_response.text)
我最终将设置代码以将预先签名的请求返回到我的前端,并从那里进行直接上传.只是将其作为测试运行.
I'm eventually going to set up the code to return the pre-signed request to my frontend and do a direct upload from there. Just doing this as a test run.
推荐答案
我真的很难过.我联系了S3支持人员,他们说他们收到的请求看起来不错,并且用Heroku生成签名的方式一定存在问题.我联系了Heroku,他们并没有真正回应.解决问题的方法是删除我的AWS根访问权限并生成一个新的根访问权限,然后使用新的访问ID重新配置heroku.超级简单,但是很奇怪,这就是问题所在.希望这可以帮助处理相同问题的人.
I really had a hard time with this one. I reached out to S3 support and they said the request they were receiving looked good and that there must be something wrong with the way the signature was being generated on with Heroku. I reached out to Heroku and they didn't really respond. What solved the problem was deleting my AWS root access and generating a new one then reconfiguring heroku with the new access ID's. Super simple, but very strange that that was the issue. Hopefully this helps someone dealing with the same problem.
这篇关于boto3签名与S3不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!