从 S3 转移到 Google 存储 - 密钥不正确 [英] Transfer From S3 to Google Storage - Incorrect Key

问题描述

过去几个小时我一直在尝试设置从 S3 到我的谷歌存储桶的传输.

I've been trying for past couple of hours to setup a transfer from S3 to my google storage bucket.

在创建传输时我不断收到的错误是:无效的访问密钥.确保您的 S3 存储桶的访问密钥正确，或将存储桶权限设置为授予所有人."

The error that i keep getting, when creating the transfer is: "Invalid access key. Make sure the access key for your S3 bucket is correct, or set the bucket permissions to Grant Everyone."

访问密钥和秘密都是正确的，因为它们目前正在生产中用于 S3 完全访问.

Both the access key and the secret are correct, given that they are currently in use in production for S3 full access.

需要注意的几点:

1. 在 S3 存储桶上启用了 CORS
2. 存储桶策略仅允许经过身份验证的 AWS 用户列出/查看其内容
3. S3 需要签名 URL 才能访问

存储桶政策:

{
    "Version": "2008-10-17",
    "Id": "Policy234234234",
    "Statement": [
        {
            "Sid": "Stmt234234",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:GetObjectAcl",
                "s3:RestoreObject",
                "s3:GetObjectVersion",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:PutObjectVersionAcl",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:PutObject",
                "s3:GetObjectVersionAcl"
            ],
            "Resource": "arn:aws:s3:::mybucket/*"
        },
        {
            "Sid": "2",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity xyzmatey"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucket/*"
        },
        {
            "Sid": "3",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::mybucket"
        }
    ]
}

CORS 政策

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>http://www.mywebsite.com</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>DELETE</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedHeader>AUTHORIZATION</AllowedHeader>
    </CORSRule>
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>HEAD</AllowedMethod>
        <AllowedHeader>AUTHORIZATION</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

知道我哪里出错了吗?

我在谷歌计算实例上设置了 gsutil 工具，并在确切的存储桶上使用相同的 AWS 密钥进行了复制.像魅力一样工作..

I've setup the gsutil tool on a google compute instance and did a copy with the same AWS keys on the exact bucket. Worked like a charm..

推荐答案

我是Transfer服务的工程师.您遇到此问题的原因是传输服务尚不支持 AWS S3 区域 ap-southeast-1(新加坡)，因为 GCP 在该区域中没有与 AWS S3 的网络安排.我们现在可以考虑支持该地区，但您的传输将比其他地区慢得多.

I am an engineer on Transfer service. The reason you encountered this problem is that AWS S3 region ap-southeast-1 (Singapore) is not yet supported by the Transfer service, because GCP does not have networking arrangement with AWS S3 in that region. We can consider to support that region now but your transfer will be much slower than other regions.

我们正在修复以显示更清晰的错误消息.

On our end, we are making a fix to display a clearer error message.

这篇关于从 S3 转移到 Google 存储 - 密钥不正确的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！