英文:
Why am I getting CredentialsProviderError creating a presigned url for s3 via lambda
问题
我正在尝试为客户创建预签名 URL,以便他们通过 S3 上传文件。我希望使用 Lambda 来创建这些文件,以便在生成 URL 之前验证客户端授权。
当我在本地运行代码时,一切都运行得很完美。但是,当部署到 Lambda 后,我收到了一个 CredentialsProviderError。我已经通过我的 Lambda 角色的 IAM 和存储桶权限为我的角色提供了完整的权限。
我使用的代码来自使用 AWS SDK 为 Amazon S3 创建预签名 URL,如下所示:
const createPresignedUrlWithoutClient = async (key) => {
const url = parseUrl(`https://${BUCKET_NAME}.s3.${LOCATION}.amazonaws.com/${key}`);
const presigner = new S3RequestPresigner({
credentials: fromIni(),
region: LOCATION,
sha256: Hash.bind(null, "sha256"),
});
const signedUrlObject = await presigner.presign(
new HttpRequest({ ...url, method: "PUT" }),
);
return formatUrl(signedUrlObject);
};
[1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example_s3_Scenario_PresignedUrl_section.html
英文:
I am trying to create presigned urls for clients to upload files via s3. I want these files to be created using lambda so I can verify client authorisation prior to generating the url.
When I run the code locally, everything works perfectly. However, when deployed to lambda I get a CredentialsProviderError I have attached full permissions over my bucket to my lambda role via both my lambda role IAM and also in bucket permissions.
The code I am using is taken from Create a presigned URL for Amazon S3 using an AWS SDK and is as below:
const createPresignedUrlWithoutClient = async (key) => {
const url = parseUrl(`https://${BUCKET_NAME}.s3.${LOCATION}.amazonaws.com/${key}`);
const presigner = new S3RequestPresigner({
credentials: fromIni(),
region: LOCATION,
sha256: Hash.bind(null, "sha256"),
});
const signedUrlObject = await presigner.presign(
new HttpRequest({ ...url, method: "PUT" }),
);
return formatUrl(signedUrlObject);
};
答案1
得分: 0
fromIni() 只有在 AWS Lambda 环境中能够工作,如果您还将一个凭据 INI 文件打包到 Lambda 函数的部署包中。即使如此,它的文件系统位置也会与 fromIni() 默认查找的位置不同。
我建议在 AWS Lambda 环境中使用 fromEnv()。
英文:
fromIni() would only work in an AWS Lambda environment if you also packaged a credentials INI file into your Lambda function's deployment artifact. And even then it would be in a different location on the file system than the default location fromIni() will be looking at.
I suggest using fromEnv() in the AWS Lambda environment.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论