为什么在通过Lambda创建S3预签名URL时出现CredentialsProviderError错误?

huangapple
go评论318阅读模式
英文:

Why am I getting CredentialsProviderError creating a presigned url for s3 via lambda

问题

我正在尝试为客户创建预签名 URL,以便他们通过 S3 上传文件。我希望使用 Lambda 来创建这些文件,以便在生成 URL 之前验证客户端授权。

当我在本地运行代码时,一切都运行得很完美。但是,当部署到 Lambda 后,我收到了一个 CredentialsProviderError。我已经通过我的 Lambda 角色的 IAM 和存储桶权限为我的角色提供了完整的权限。

我使用的代码来自使用 AWS SDK 为 Amazon S3 创建预签名 URL,如下所示:

const createPresignedUrlWithoutClient = async (key) => {
    const url = parseUrl(`https://${BUCKET_NAME}.s3.${LOCATION}.amazonaws.com/${key}`);
    const presigner = new S3RequestPresigner({
        credentials: fromIni(),
        region: LOCATION,
        sha256: Hash.bind(null, "sha256"),
    });

    const signedUrlObject = await presigner.presign(
        new HttpRequest({ ...url, method: "PUT" }),
    );
    return formatUrl(signedUrlObject);
};

[1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example_s3_Scenario_PresignedUrl_section.html
英文:

I am trying to create presigned urls for clients to upload files via s3. I want these files to be created using lambda so I can verify client authorisation prior to generating the url.

When I run the code locally, everything works perfectly. However, when deployed to lambda I get a CredentialsProviderError I have attached full permissions over my bucket to my lambda role via both my lambda role IAM and also in bucket permissions.

The code I am using is taken from Create a presigned URL for Amazon S3 using an AWS SDK and is as below:

const createPresignedUrlWithoutClient = async (key) => {
const url = parseUrl(`https://${BUCKET_NAME}.s3.${LOCATION}.amazonaws.com/${key}`);
const presigner = new S3RequestPresigner({
    credentials: fromIni(),
    region: LOCATION,
    sha256: Hash.bind(null, "sha256"),
});

const signedUrlObject = await presigner.presign(
    new HttpRequest({ ...url, method: "PUT" }),
);
return formatUrl(signedUrlObject);

};

答案1

得分: 0

fromIni() 只有在 AWS Lambda 环境中能够工作,如果您还将一个凭据 INI 文件打包到 Lambda 函数的部署包中。即使如此,它的文件系统位置也会与 fromIni() 默认查找的位置不同。

我建议在 AWS Lambda 环境中使用 fromEnv()

英文:

fromIni() would only work in an AWS Lambda environment if you also packaged a credentials INI file into your Lambda function's deployment artifact. And even then it would be in a different location on the file system than the default location fromIni() will be looking at.

I suggest using fromEnv() in the AWS Lambda environment.

huangapple
  • 本文由 发表于 2023年3月7日 20:56:13
  • 转载请务必保留本文链接:https://go.coder-hub.com/75662258.html
  • amazon-s3
  • amazon-web-services
  • aws-iam-policy
  • aws-lambda
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定