通过URL获取图像时,AWS S3访问被拒绝 [英] AWS S3 access denied when getting image by url
问题描述
我工作的 AWS EC2 Ubuntu的机并试图从获取图像的 AWS S3 但是下面的错误已每次都证明我的。
<错误>
< code取代; InvalidArgument< / code取代;
<消息>
请指定服务器端加密与AWS KMS管理密钥需要AWS签名版本4。
< /消息>
< ArgumentName>授权< / ArgumentName>
< ArgumentValue>空< / ArgumentValue>
<请求ID> 7C8B4BF1CE2FDC9E< /请求ID>
<主机标识>
/ L5kjuOET4XFgGter2eFHX + aRSvVm / 7VVmIBqQE / oMLeQZ1ditSMZuHPOlsMaKi8hYRnGilTqZY =
< /主机ID>
< /错误>
这是我的水桶政策
{
版本:2012年10月17日,
ID:Policy1441213815928
声明: [
{
锡德:Stmt1441213813464
效果:允许,
主要: *,
行动:S3:GetObject的,
资源:ARN:AWS:S3 ::: mytest.sample / *
}
]
}
下面是code
要求AWS-autoloader.php;
$凭证=新的AWS \证书\凭证(钥匙,钥匙);
$ bucketName =mytest.sample;
$ S3 =新的AWS \ S3 \ S3Client([
签名=> 'V4',
'版本'=> '最新',
'区域'=> AP-东南-1',
'凭据'=> $凭据,
'HTTP'=> [
'验证'=> /home/ubuntu/cacert.pem
]
'声明'=> [
操作=> *,
]
]);
$结果= $ S3->的getObject(阵列(
'斗'=> $ bucketName,
'关键'=> about_us.jpg,
));
HTML
< IMG SRC =< PHP的echo $结果['@元数据'] ['effectiveUri'];?>中/>
修改作为迈克尔 - sqlbot:这里我使用默认的KMS
尝试{
$结果= $这个 - > Amazon-> S3-> putObject(阵列(
'斗'=> mytest.sample,
ACL=> 认证 - 读,
'关键'=> $ newfilename,
ServerSideEncryption'=> AWS:公里,
'的SourceFile'=> $文件路径,
'的ContentType'=> mime_content_type($文件路径)
调试=> [
logfn'=>功能($味精){
回声$味精。 \ N的;
},
stream_size'=> 0,
scrub_auth'=>真正,
'HTTP'=>真正,
]
));
}赶上(S3Exception $ E){
回声$ E->的getMessage()。 \ N的;
}
让我知道如果你需要更多。
我还与 AWS面对这样的问题:公里
encyrption关键,我建议,如果你想使用公里
键,那么你必须创建 KMS密钥
在AWS控制台<的 IAM节/ code>。我喜欢推荐的
AES256
服务器端加密,在这里,而把和解密,同时获得S3对象自动加密数据。请通过以下链接:
<一href="https://aws.amazon.com/about-aws/whats-new/2011/10/04/amazon-s3-announces-server-side-encryption-support/"相对=nofollow>与AES256 S3服务器端加密
我的解决办法是改变这一行'ServerSideEncryption'=&GT; AWS:公里与ServerSideEncryption'=&GT; AES256
尝试{
$结果= $这个 - &GT; Amazon-&GT; S3-&GT; putObject(阵列(
'斗'=&GT; mytest.sample,
ACL=&GT; 认证 - 读,
'关键'=&GT; $ newfilename,
ServerSideEncryption'=&GT; AES256,
'的SourceFile'=&GT; $文件路径,
'的ContentType'=&GT; mime_content_type($文件路径)
调试=&GT; [
logfn'=&GT;功能($味精){
回声$味精。 \ N的;
},
stream_size'=&GT; 0,
scrub_auth'=&GT;真正,
'HTTP'=&GT;真正,
]
));
}赶上(S3Exception $ E){
回声$ E-&GT;的getMessage()。 \ N的;
}
请还与以下JSON更新你的水桶政策,将prevent你上传与对象从 AES256
加密
{
锡德:DenyUnEncryptedObjectUploads
效果:拒绝,
主要: *,
行动:S3:PutObject
资源:ARN:AWS:S3 ::: yourbucketname / *,
条件: {
StringNotEquals:{
S3:X-AMZ-服务器端加密:AES256
}
}
}
I am working on AWS EC2 Ubuntu Machine and trying to fetch image from AWS S3 but following error has been shown to me every time.
<Error>
<Code>InvalidArgument</Code>
<Message>
Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.
</Message>
<ArgumentName>Authorization</ArgumentName>
<ArgumentValue>null</ArgumentValue>
<RequestId>7C8B4BF1CE2FDC9E</RequestId>
<HostId>
/L5kjuOET4XFgGter2eFHX+aRSvVm/7VVmIBqQE/oMLeQZ1ditSMZuHPOlsMaKi8hYRnGilTqZY=
</HostId>
</Error>
Here is my bucket policy
{
"Version": "2012-10-17",
"Id": "Policy1441213815928",
"Statement": [
{
"Sid": "Stmt1441213813464",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::mytest.sample/*"
}
]
}
Here is the code
require 'aws-autoloader.php';
$credentials = new Aws\Credentials\Credentials('key', 'key');
$bucketName = "mytest.sample";
$s3 = new Aws\S3\S3Client([
'signature' => 'v4',
'version' => 'latest',
'region' => 'ap-southeast-1',
'credentials' => $credentials,
'http' => [
'verify' => '/home/ubuntu/cacert.pem'
],
'Statement' => [
'Action ' => "*",
],
]);
$result = $s3->getObject(array(
'Bucket' => $bucketName,
'Key' => 'about_us.jpg',
));
Html
<img src="<?php echo $result['@metadata']['effectiveUri']; ?>" />
Edit for Michael - sqlbot : here I am using default KMS.
try {
$result = $this->Amazon->S3->putObject(array(
'Bucket' => 'mytest.sample',
'ACL' => 'authenticated-read',
'Key' => $newfilename,
'ServerSideEncryption' => 'aws:kms',
'SourceFile' => $filepath,
'ContentType' => mime_content_type($filepath),
'debug' => [
'logfn' => function ($msg) {
echo $msg . "\n";
},
'stream_size' => 0,
'scrub_auth' => true,
'http' => true,
],
));
} catch (S3Exception $e) {
echo $e->getMessage() . "\n";
}
let me know if you need more.
I have also face this issue with aws:kms
encyrption key, I suggest that if you wanted to use kms
key then you have to create your kms key
in IAM section of AWS Console
. I love to recommended AES256
server side encryption, here S3 automatically Encrypted your data while putting and decryption while getting object. Please go through below link:
S3 Server Side encryption with AES256
My Solution is change this line 'ServerSideEncryption' => 'aws:kms' with 'ServerSideEncryption' => 'AES256'
try {
$result = $this->Amazon->S3->putObject(array(
'Bucket' => 'mytest.sample',
'ACL' => 'authenticated-read',
'Key' => $newfilename,
'ServerSideEncryption' => 'AES256',
'SourceFile' => $filepath,
'ContentType' => mime_content_type($filepath),
'debug' => [
'logfn' => function ($msg) {
echo $msg . "\n";
},
'stream_size' => 0,
'scrub_auth' => true,
'http' => true,
],
));
} catch (S3Exception $e) {
echo $e->getMessage() . "\n";
}
Please also update your bucket policy with below json, it will prevent you to upload object with out AES256
encryption
{
"Sid": "DenyUnEncryptedObjectUploads",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::yourbucketname/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
}
这篇关于通过URL获取图像时,AWS S3访问被拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!