AWS预签名URL ACL公共读取无效签名

huangapple go评论106阅读模式
英文:

AWS presigned url acl public read invalid signature

问题

我有一个私有存储桶,我想创建一个预签名 URL,允许用户在时间限制内上传文件,并将 ACL 设置为公共只读。

当我创建一个类似下面的 PutObjectRequest 时,它可以正常工作,我可以无问题地上传文件。但是当我添加 ACL: aws.String("public-read") 时,我会收到"签名不匹配"的错误,PUT 操作失败。下面是 GO SDK 生成的 URL 示例:

https://.s3.eu-west-2.amazonaws.com/?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=<AWS_ACCESS_KEY>/20170505/eu-west-2/s3/aws4_request&X-Amz-Date=20170505T793528Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host;x-amz-acl&X-Amz-Signature=2584062aaa76545665bfed7204fcf0dfe233a45016f698e7e8a11c34a5a7921e

我尝试过使用根 AWS 用户和普通用户。我尝试过使用存储桶策略和不使用存储桶策略,以及使用存储桶策略和具有完全 S3 访问权限的 IAM 策略,以及不使用存储桶策略和 IAM 策略。基本上尝试了所有组合。每次添加 ACL 字段时,都会出现签名错误。

我不确定这是否与 GO SDK 或 AWS 服务有关。有人可以给我建议吗?

svc := s3.New(session.New(&aws.Config{Region: aws.String("eu-west-2")}))
req, _ := svc.PutObjectRequest(&s3.PutObjectInput{
ACL: aws.String("public-read"),
Bucket: aws.String("MY BUCKET NAME"),
Key: aws.String("MY KEY"),
})
str, err := req.Presign(15 * time.Minute)

英文:

I have a private bucket, I want create a pre signed url that allows a user to upload a file to within the time limit and set the ACL to public read only.

When creating a PutObjectRequest like below it works fine I can PUT the file no problem. When I add ACL: aws.String("public-read"), I get the error 'signature doesn't match' and the PUT fails, here is a sample of the url the GO sdk is generating.

https://&lt;MY-BUCKET&gt;.s3.eu-west-2.amazonaws.com/&lt;MY-KEY&gt;?X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=&lt;AWS_ACCESS_KEY&gt;/20170505/eu-west-2/s3/aws4_request&amp;X-Amz-Date=20170505T793528Z&amp;X-Amz-Expires=900&amp;X-Amz-SignedHeaders=host;x-amz-acl&amp;X-Amz-Signature=2584062aaa76545665bfed7204fcf0dfe233a45016f698e7e8a11c34a5a7921e

I have tried with the root aws user and a normal user.
I have tried with bucket policy and without, and with bucket policy and IAM policy of FULL S3 access and without. Basically all combinations. Any time I add the ACL field the signature error appears.

I am not sure if it's related to the GO SDK or to the AWS service. Can someone advice on what I am to do?

svc := s3.New(session.New(&amp;aws.Config{Region: aws.String(&quot;eu-west-2&quot;)}))
	req, _ := svc.PutObjectRequest(&amp;s3.PutObjectInput{
		ACL: aws.String(&quot;public-read&quot;),
		Bucket: aws.String(&quot;MY BUCKET NAME&quot;),
		Key:    aws.String(&quot;MY KEY&quot;),
	})
	str, err := req.Presign(15 * time.Minute)

答案1

得分: 0

这是亚马逊网络服务端的错误,URL没有被签名。

英文:

It was and error on the aws service end, the url is not being signed.

huangapple
  • 本文由 发表于 2017年5月5日 21:21:58
  • 转载请务必保留本文链接:https://go.coder-hub.com/43806098.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定