我正在尝试使用bash/curl和实例配置文件将文件从EC2放到S3。我使用以下代码:
instance_profile=`curl http://169.254.169.254/latest/meta-data/iam/security-credentials/`
aws_access_key_id=`curl http://169.254.169.254/latest/meta-data/iam/security-credentials/${instance_profile} | grep AccessKeyId | cut -d':' -f2 | sed 's/[^0-9A-Z]*//g'`
aws_secret_access_key=`curl http://169.254.169.254/latest/meta-data/iam/security-credentials/${instance_profile} | grep SecretAccessKey | cut -d':' -f2 | sed 's/[^0-9A-Za-z/+=]*//g'
token=`curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/${instance_profile} | sed -n '/Token/{p;}' | cut -f4 -d'"'
file="test_file.txt"
bucket="MM-test-s3-bucket"
filepath="/${bucket}/${path}/${file}"
contentType="application/x-compressed-tar"
dateValue=`date -R`
signature_string="PUTnn${contentType}n${dateValue}n${filepath}"
signature_hash=`echo -en ${signature_string} | openssl sha1 -hmac ${aws_secret_access_key} -binary | base64`
curl -X PUT -T "${file}" -H "Host: ${bucket}.s3.amazonaws.com" -H "Date: ${dateValue}" -H "Content-Type: ${contentType}" -H "Authorization: AWS ${aws_access_key_id}:${signature_hash}" https://${bucket}.s3.amazonaws.com/${file}
我得到一个错误"invalidaccesskeyid您提供的AWS访问密钥Id在我们的记录中不存在"。
正如问题评论中提到的,我们在使用临时访问密钥和秘密密钥时需要使用令牌。
同样,我们需要在我们的stringToSign和curl请求的headers中添加这个令牌。
stringToSign ="把 n n $ $ {dateValue} {contentType} n n ${CanonicalizedAmzHeaders} n $ {filepath}"。
这个CanonicalizedAmzHeaders是-CanonicalizedAmzHeaders ="x-amz-security-token: ${牌}">
和标题在curl请求在下面格式--H "x-amz-security-token: ${token}">
否则您将面临错误"我们计算的请求签名与您提供的签名不匹配">