英文:
AWS presigned url acl public read invalid signature
问题
我有一个私有存储桶,我想创建一个预签名 URL,允许用户在时间限制内上传文件,并将 ACL 设置为公共只读。
当我创建一个类似下面的 PutObjectRequest 时,它可以正常工作,我可以无问题地上传文件。但是当我添加 ACL: aws.String("public-read") 时,我会收到"签名不匹配"的错误,PUT 操作失败。下面是 GO SDK 生成的 URL 示例:
https://
我尝试过使用根 AWS 用户和普通用户。我尝试过使用存储桶策略和不使用存储桶策略,以及使用存储桶策略和具有完全 S3 访问权限的 IAM 策略,以及不使用存储桶策略和 IAM 策略。基本上尝试了所有组合。每次添加 ACL 字段时,都会出现签名错误。
我不确定这是否与 GO SDK 或 AWS 服务有关。有人可以给我建议吗?
svc := s3.New(session.New(&aws.Config{Region: aws.String("eu-west-2")}))
req, _ := svc.PutObjectRequest(&s3.PutObjectInput{
ACL: aws.String("public-read"),
Bucket: aws.String("MY BUCKET NAME"),
Key: aws.String("MY KEY"),
})
str, err := req.Presign(15 * time.Minute)
英文:
I have a private bucket, I want create a pre signed url that allows a user to upload a file to within the time limit and set the ACL to public read only.
When creating a PutObjectRequest like below it works fine I can PUT the file no problem. When I add ACL: aws.String("public-read"), I get the error 'signature doesn't match' and the PUT fails, here is a sample of the url the GO sdk is generating.
https://<MY-BUCKET>.s3.eu-west-2.amazonaws.com/<MY-KEY>?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=<AWS_ACCESS_KEY>/20170505/eu-west-2/s3/aws4_request&X-Amz-Date=20170505T793528Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host;x-amz-acl&X-Amz-Signature=2584062aaa76545665bfed7204fcf0dfe233a45016f698e7e8a11c34a5a7921e
I have tried with the root aws user and a normal user.
I have tried with bucket policy and without, and with bucket policy and IAM policy of FULL S3 access and without. Basically all combinations. Any time I add the ACL field the signature error appears.
I am not sure if it's related to the GO SDK or to the AWS service. Can someone advice on what I am to do?
svc := s3.New(session.New(&aws.Config{Region: aws.String("eu-west-2")}))
req, _ := svc.PutObjectRequest(&s3.PutObjectInput{
ACL: aws.String("public-read"),
Bucket: aws.String("MY BUCKET NAME"),
Key: aws.String("MY KEY"),
})
str, err := req.Presign(15 * time.Minute)
答案1
得分: 0
这是亚马逊网络服务端的错误,URL没有被签名。
英文:
It was and error on the aws service end, the url is not being signed.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论