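I am new to Amazon AWS and am trying to set up a system for user uploads. After setting everything up, I am unable to validate a token. Below, I'll explain all of the configuration I have done.
I created an S3 bucket and configured CORS for that bucket: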
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>DELETE</AllowedMethod>
        <AllowedMethod>HEAD</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>
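Next, I set up a CloudFront distribution pointing to this S3 bucket. It is set to allow all HTTP methods (including "PUT"). An origin access identity was also created so that images can only be viewed through the CloudFront URL and not through S3.
Then I created an IAM user and a policy for that user, so that I can request temporary credentials whenever I need to upload images through CloudFront: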
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1504225496000",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
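For now, I have set the permissions to full access for development only. Eventually, I will add stricter permissions.
With that done, I then request temporary credentials from my API like this: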
var securityClient =
    new AmazonSecurityTokenServiceClient(Variables.AWSUserWriteId, Variables.AWSUserWriteKey);
var request = new GetSessionTokenRequest
{
    DurationSeconds = 900
};
var tempCredentials = await securityClient.GetSessionTokenAsync(request);
return new ApiResponse(Enums.ResponseStatus.Success, new JObject
{
    {"id", tempCredentials.Credentials.AccessKeyId},
    {"key", tempCredentials.Credentials.SecretAccessKey},
    {"token", tempCredentials.Credentials.SessionToken}
}, null);
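This is returned to the browser client (note that I am able to get these three values successfully).
Using these values, I invoke the upload process with the AWS SDK: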
let id = response.data.JsonData.id;
let key = response.data.JsonData.key;
let token = response.data.JsonData.token;
let s3 = new AWS.S3({
    accessKeyId: id,
    secretAccessKey: key,
    sessionToken: token,
    endpoint: cloudFrontUrl //https://d3goqf5vihdmh2.cloudfront.net
});
s3.upload({Body: file, Bucket: amazonS3BucketName, Key: file.name}, (err, data) => {
    console.log(err);
    console.log(data);
    let hello = "hello";
}).on("httpUploadProgress", evt => {
    console.log(evt);
});
However, after doing all of this, an error is returned:
"The provided token is malformed or otherwise invalid."
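The user has full permissions, and as far as I know, unless I am missing something, I should have everything set up correctly? After searching Google and the documentation, I cannot find a solution anywhere, and I am completely stuck here.
Edit: Here is more information about the actual request going out. These are the request headers provided by the Google Chrome developer tools: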
:authority:d3goqf5vihdmh2.cloudfront.net
:method:PUT
:path:/**removingforprivacy**.development/**removingforprivacy**.png
:scheme:https
accept:*/*
accept-encoding:gzip, deflate, br
accept-language:en-US,en;q=0.8
authorization:AWS4-HMAC-SHA256 Credential=**removingforprivacy**/20170901/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token;x-amz-user-agent, Signature=180d55d69eb0577b77d14b8938c675cbd8798924132c7367d02fbd59b5e8a3d3
content-length:33041
content-type:application/octet-stream
origin:http://localhost:3000
referer:http://localhost:3000/postnew
user-agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
x-amz-content-sha256:UNSIGNED-PAYLOAD
x-amz-date:20170901T024531Z
x-amz-security-token:FQoDYXdzEMz//////////wEaDDJE64k3fztWLnZWJiKrAbIUNroRDzBfHcFJrPTUIgNSKFWdZDM4Nt0a7UCxwnWopLRDJAMiwt/gX1svqe5ZJsUL+yHTubJylLVvIIZdxsGGCeSZhmaquyd5jWsx9n+PeHB5MFbxkcDdRWhaQ8eXobABH0Q53xxH/zBXxIZTn/qEERgHPjfaPVLLmzQmbd6+toc/WQX5y3HZMvf7ZgTh3KdoHWDwJEmCeYx6NuyNpR9NIiubVvI/2gH8zijGk6PNBQ==
x-amz-user-agent:aws-sdk-js/2.107.0 callback
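It looks like you need to use the SQS queue service in order to distribute temporary security credentials. Take a look at the following here: Temporary Security Credentials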
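The IAM policy in the question grants `s3:*` on `*`, and credentials returned by GetSessionToken are based on the calling user's permissions, so the browser receives that full access. As an added example (not part of the original post or answer), the JavaScript below flags wildcard grants in a policy document and builds a narrower policy of the kind that can be passed as the `Policy` parameter of AssumeRole or GetFederationToken; the function names and the `uploads/<userId>/` key layout are assumptions.

```javascript
// Added example, not from the original post. Function names and the
// "uploads/<userId>/" key layout are hypothetical.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Report every Allow statement that grants a wildcard action or resource.
function findWildcardGrants(policy) {
  const findings = [];
  asArray(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return;
    for (const action of asArray(stmt.Action)) {
      if (action === "*" || action.endsWith(":*")) {
        findings.push(`Statement[${i}]: wildcard action "${action}"`);
      }
    }
    for (const resource of asArray(stmt.Resource)) {
      if (resource === "*") {
        findings.push(`Statement[${i}]: wildcard resource "*"`);
      }
    }
  });
  return findings;
}

// Build a session policy that allows only uploads under one user's prefix.
function buildUploadSessionPolicy(bucket, userId) {
  // Reject input that could widen the ARN (wildcards, slashes, "..").
  if (!/^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$/.test(bucket)) {
    throw new Error("invalid bucket name");
  }
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(userId)) {
    throw new Error("invalid user id");
  }
  return {
    Version: "2012-10-17",
    Statement: [{
      Sid: "UploadToOwnPrefixOnly",
      Effect: "Allow",
      Action: ["s3:PutObject"],
      Resource: [`arn:aws:s3:::${bucket}/uploads/${userId}/*`],
    }],
  };
}

// The policy from the question, copied as-is.
const questionPolicy = {
  Version: "2012-10-17",
  Statement: [{ Sid: "Stmt1504225496000", Effect: "Allow", Action: ["s3:*"], Resource: ["*"] }],
};
```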