堆栈内存溢出
  简体   繁体   English

通过aws-sdk-go签名URL时,签名不匹配403错误

[英]Signature Does Not Match 403 error when signing a URL via aws-sdk-go

 原文  2016-11-29 01:44:08       amazon-web-services/ go/ amazon-s3/ aws-sdk/ aws-sdk-go

问题描述

I followed instructions on this issue https://github.com/aws/aws-sdk-go/issues/467 which clearly documented how to create a pre-signed url for a PUT request. 我遵循了有关此问题的说明https://github.com/aws/aws-sdk-go/issues/467 ,该说明清楚地记录了如何为PUT请求创建预签名的url。 The goal is to presign the url, so I can directly upload images from the browser safely 目标是给URL加上前缀,以便我可以安全地直接从浏览器上传图像

key and secret are of course my current credentials that work with direct PutObject requests via the SDK 密钥和秘密当然是我当前的凭据,可通过SDK与直接PutObject请求一起使用 

creds := credentials.NewStaticCredentials("key", "secret", "")

cfg := aws.NewConfig().WithRegion("us-west-2").WithCredentials(creds)
srv := s3.New(session.New(), cfg)

params := &s3.PutObjectInput{
    Bucket: aws.String("my-bucket"),
    Key:    aws.String("/local/test/filename"), 
}
req, _ := srv.PutObjectRequest(params)
url, err := req.Presign(15 * time.Hour)
if err != nil {
    fmt.Println("error signing request", err)
}

fmt.Println("URL", url)

``` ```

I then take that URL and make a curl request. 然后,我使用该URL并发出curl请求。 I get this response 我得到这个回应 

<?xml version="1.0" encoding="UTF-8"?>
<Error>
    <Code>SignatureDoesNotMatch</Code>
    <Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
    <AWSAccessKeyId>redacted</AWSAccessKeyId>
    <StringToSign>redacted</StringToSign>
    <SignatureProvided>redacted</SignatureProvided>
    <StringToSignBytes>redacted</StringToSignBytes>
    <CanonicalRequest>PUT
/local/test/filename
X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=redacted%2Fus-west-2%2Fs3%2F%20aws4_request&amp;X-Amz-Date=20161129T012909Z&amp;X-Amz-Expires=54000&amp;X-Amz-SignedHeaders=host
host:redacted.s3-us-west-2.amazonaws.com

host
UNSIGNED-PAYLOAD</CanonicalRequest>
    <CanonicalRequestBytes>redacted</CanonicalRequestBytes>
    <RequestId>redacted</RequestId>
    <HostId>redacted</HostId>
</Error>

any ideas why the presigned URL is providing me a signature that supposedly does not match? 有什么想法为什么预签名URL向我提供了一个据认为不匹配的签名? Again these same credentials are currently working for direct PutObject commands on my server 同样,这些相同的凭据当前也可用于我的服务器上的直接PutObject命令

1 个解决方案

解决方案1
 1 已采纳  2016-11-29 20:09:32

my Bucket policy was not properly configured. 我的存储桶策略配置不正确。 I had to cross reference my key/secret with the IAM policy and make sure they were listed in the "principals" section of the policy 我必须将我的密钥/机密与IAM策略进行交叉引用,并确保将其列在策略的“原理”部分中

https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/ https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用 AWS-SDK-GO 时出错(NoCredentialProviders:链中没有有效的提供者) - Error when using AWS-SDK-GO (NoCredentialProviders: no valid providers in chain) Golang aws-sdk-go dynamodb UnmarshalMap 类型错误赋值 - Golang aws-sdk-go dynamodb UnmarshalMap type error assignment Goroutine在aws-sdk-go中泄漏? - Goroutine leak in aws-sdk-go? Ivona请求签名问题-签名不匹配(AWS签名版本4) - Ivona Request Signing Issue - signature does not match (AWS Signature Version 4) 使用默认VPC以外的其他版本(aws-sdk-go)时无法调用ec2.AuthorizeSecurityGroupIngressInput - Can't call ec2.AuthorizeSecurityGroupIngressInput when using other than the default VPC (aws-sdk-go) 有没有办法使用 aws-sdk-go 验证 aws 帐户的凭据 - is there a way to validate the credentials for aws account using aws-sdk-go 使用aws-sdk-go / roleARN / queueARN(sqs)获取消息 - Fetching message with aws-sdk-go / roleARN / queueARN (sqs) 如何在aws-sdk-go Dynamodb QueryInput中使用“ BETWEEN”? - How to use “BETWEEN” in aws-sdk-go Dynamodb QueryInput? 使用 aws-sdk-go 将文件保存到 S3 - Saving file to S3 using aws-sdk-go AWS-SDK-Go 无法删除 object - AWS-SDK-Go Can't delete object
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM