亚马逊 s3:直接上传与预先签名的 url [英] Amazon s3: direct upload vs presigned url
问题描述
我正在使用适用于 .NET 的 AWS 开发工具包,并且正在寻找一种方法让用户直接上传到 s3 存储.
I'm using AWS SDK for .NET and I was looking for a method to let user upload directly to a s3 storage.
我遇到过 aws 提供的两种不同方式:
I've come across two different ways offedered by aws:
基于浏览器的上传:https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-authentication-HTTPPOST.html
和预签名网址:https://docs.aws.amazon.com/AmazonS3/latest/dev/UploadObjectPreSignedURLDotNetSDK.html
似乎预先签名的 url 更容易,因为 aws sdk 中已经存在一种方法来生成一个 url 以传递给客户端,让他将对象直接放入存储桶(与浏览器上传相比,这似乎也很轻松,因为它不需要在帖子表单中浏览器上传想要的所有密钥).
It seems presigned url is 'easier' since a method is already present within aws sdk to generate a url to pass to client, to let him PUT object directly to the bucket (and it seems also painless compared to browser upload, since it doesn't require all the keys browser upload wants in the post form).
但我想知道为什么实际上有两种不同的方法.每一种的优点和缺点是什么?
But I was wondering why there are actually two different methods. What are PRO and CONS of each one?
推荐答案
无论您想使用 REST API 还是 AWS 开发工具包与 S3 交互,这完全归结为关键.
It totally comes down to the point, whether you want to use the REST API or the AWS SDKs to interact with S3.
在这两种情况下,除非存储桶是公开的,否则您需要证明(验证/签名-请求)您的身份.
In both cases, you need to prove(authenticate/Sign-Request) your identity unless bucket is public.
a) 如果您要使用 REST API,为了证明身份,您需要使用 ' AWS 签名版本 4 '(已弃用的版本 2 也在那里),其中包括三种方法(您列出了其中一种)
a) If you are going with REST APIs, to prove identity, you need sign your request using ' AWS Signature version 4 ' (deprecated ver 2 is also there), which includes three methods (one you have listed)
- 对请求进行身份验证:使用授权标头(AWS 签名版本 4)
- 验证请求:使用查询参数(AWS 签名版本 4)
- 验证请求:使用 POST(AWS 签名版本 4)基于浏览器的上传
b) 如果您打算使用 AWS 开发工具包,您应该让开发工具包来完成签字仪式(流程).所以选择直接使用SDK对请求进行签名
b) If you are going to use AWS SDKs, you should let SDK do the signing ceremony(process). So the choice is straightforward to use SDK to sign the request
(问题的一部分)与浏览器上传相比,它似乎也很轻松,因为它不需要在帖子表单中浏览器上传所需的所有键<
(Part of the question) It seems also painless compared to browser upload since it doesn't require all the keys browser upload wants in the post form<
对于下面的代码,s3Client 已经从 AWS-CLI-Profile(如果运行本地/笔记本电脑)、IAM 角色(如果是 EC2、lambda 等)获得了您的凭据
For below code, s3Client already has got your creds whether from AWS-CLI-Profile(if running local/laptop), IAM Role(in case of EC2, lambda, etc)
string url = s3Client.GetPreSignedURL(request);
这篇关于亚马逊 s3:直接上传与预先签名的 url的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
