上传文件 amazon s3 预签名 post
Upload file amazon s3 pre signed post
我正在开发一个 Web 应用程序,我想使用预签名 post 从中将文件上传到 Amazon S3。按照此 link 上的说明进行操作: http://aws.amazon.com/articles/1434 我有以下表格。
<form action=<%= @aws_s3_url %> method="post" enctype="multipart/form-data">
<input type="hidden" name="key" value= <%= @base_path + "${filename}" %> >
<input type="hidden" name="AWSAccessKeyId" value= <%= @aws_access_key_id %> >
<input type="hidden" name="acl" value="private">
<input type="hidden" name="success_action_redirect" value=<%= "https://localhost:3000/projects/" + @project.id.to_s %> >
<input type="hidden" name="policy" value= <%= @aws_policy %>>
<input type="hidden" name="signature" value=<%= @aws_signature %>>
<!-- Include any additional input fields here -->
File to upload to S3:
<input name="file" type="file">
<br>
<input type="submit" value="Upload File to S3">
</form>
其中 @aws_s3_url = "https://s3-eu-west-1.s3.amazonaws.com/my_bucket"
政策是用这种方法生成的:
def generate_policy_pre_signed_post(key)
policy = "{ \"expiration\": \"#{Time.now.tomorrow.utc.iso8601}\","
policy +="\"conditions\": ["
policy += "{\"acl\": \"private\" },"
policy += "{\"success_action_redirect\": \"https://localhost:3000/projects/#{@project.id.to_s}\"},"
policy += "{\"bucket\": \"my_bucket\" },"
policy += "[\"starts-with\", \"$key\", \"#{key}\"],]}"
policy
end
然后像上面的 link 一样编码和签名:
政策 = generate_policy_pre_signed_post("/users_data/" + user_creds.aws_identity_id + "/")
@aws_policy = Base64.encode64(policy).gsub("\n","")
@aws_signature = Base64.encode64(
OpenSSL::HMAC.digest(
OpenSSL::Digest::Digest.new('sha1'),
server_credentials.secret_access_key, @aws_policy)
).gsub("\n","")
但是当我尝试将文件上传到 S3 时,出现以下错误:"The specified method is not allowed against this resource."
怎么可能?在 IAM 中,我的用户拥有写入 S3 的所有权限,我还尝试添加这样的存储桶策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "statement1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::my_iam"
},
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::my_bucket/*"
]
}
]
}
对可能发生的事情有什么想法吗?
编辑:
我也试过修改 CORS 权限(但它仍然不起作用)
<CORSRule>
<AllowedOrigin>https://0.0.0.0:3000/*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
好的,我找到了!真的很愚蠢我在 s3-eu-west-1.s3.amazonaws.com/my_bucket 中有一个额外的 s3 正确的方法是:s3-eu-west-1.amazonaws.com/my_bucket
我正在开发一个 Web 应用程序,我想使用预签名 post 从中将文件上传到 Amazon S3。按照此 link 上的说明进行操作: http://aws.amazon.com/articles/1434 我有以下表格。
<form action=<%= @aws_s3_url %> method="post" enctype="multipart/form-data">
<input type="hidden" name="key" value= <%= @base_path + "${filename}" %> >
<input type="hidden" name="AWSAccessKeyId" value= <%= @aws_access_key_id %> >
<input type="hidden" name="acl" value="private">
<input type="hidden" name="success_action_redirect" value=<%= "https://localhost:3000/projects/" + @project.id.to_s %> >
<input type="hidden" name="policy" value= <%= @aws_policy %>>
<input type="hidden" name="signature" value=<%= @aws_signature %>>
<!-- Include any additional input fields here -->
File to upload to S3:
<input name="file" type="file">
<br>
<input type="submit" value="Upload File to S3">
</form>
其中 @aws_s3_url = "https://s3-eu-west-1.s3.amazonaws.com/my_bucket"
政策是用这种方法生成的:
def generate_policy_pre_signed_post(key)
policy = "{ \"expiration\": \"#{Time.now.tomorrow.utc.iso8601}\","
policy +="\"conditions\": ["
policy += "{\"acl\": \"private\" },"
policy += "{\"success_action_redirect\": \"https://localhost:3000/projects/#{@project.id.to_s}\"},"
policy += "{\"bucket\": \"my_bucket\" },"
policy += "[\"starts-with\", \"$key\", \"#{key}\"],]}"
policy
end
然后像上面的 link 一样编码和签名: 政策 = generate_policy_pre_signed_post("/users_data/" + user_creds.aws_identity_id + "/")
@aws_policy = Base64.encode64(policy).gsub("\n","")
@aws_signature = Base64.encode64(
OpenSSL::HMAC.digest(
OpenSSL::Digest::Digest.new('sha1'),
server_credentials.secret_access_key, @aws_policy)
).gsub("\n","")
但是当我尝试将文件上传到 S3 时,出现以下错误:"The specified method is not allowed against this resource."
怎么可能?在 IAM 中,我的用户拥有写入 S3 的所有权限,我还尝试添加这样的存储桶策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "statement1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::my_iam"
},
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::my_bucket/*"
]
}
]
}
对可能发生的事情有什么想法吗?
编辑: 我也试过修改 CORS 权限(但它仍然不起作用)
<CORSRule>
<AllowedOrigin>https://0.0.0.0:3000/*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
好的,我找到了!真的很愚蠢我在 s3-eu-west-1.s3.amazonaws.com/my_bucket 中有一个额外的 s3 正确的方法是:s3-eu-west-1.amazonaws.com/my_bucket