堆栈内存溢出
  简体   繁体   English

AWS S3存储桶临时证书下载文件.Net

[英]AWS S3 bucket Temporary Credentials download file .Net

 原文  2017-10-26 14:15:56       c#/ .net/ amazon-web-services/ amazon-s3

问题描述

I have a bucket on Amazon S3 and I have created IAM user Now I want to download private bucket file using temporary credential. 我在Amazon S3上有一个存储桶,并且已经创建了IAM用户。现在,我想使用临时凭证下载私有存储桶文件。

This is my bucket policy 这是我的水桶政策 

{
    "Id": "Policy1509026195925",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1509026179419",
            "Action": [
                "s3:GetObject"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::test-folder/*",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::461567291450:user/john"
                ]
            }
        }
    ]
}

this is my c# .Net code 这是我的C#.Net代码 

ServicePointManager.Expect100Continue = false;
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

            try
            {

                // In real applications, the following code is part of your trusted code. It has 
                // your security credentials you use to obtain temporary security credentials.
                AmazonSecurityTokenServiceConfig config = new AmazonSecurityTokenServiceConfig();
                AmazonSecurityTokenServiceClient stsClient =
                       new AmazonSecurityTokenServiceClient(config);

                GetFederationTokenRequest federationTokenRequest =
                                                     new GetFederationTokenRequest();
                federationTokenRequest.Name = "testuser";
               // federationTokenRequest.Policy = "Policy1509026195925";
                federationTokenRequest.DurationSeconds = 7200;

                GetFederationTokenResponse federationTokenResponse = stsClient.GetFederationToken(federationTokenRequest);
                //FederatedUser federationTokenResult = federationTokenResponse.;
                Credentials credentials = federationTokenResponse.Credentials;


                SessionAWSCredentials sessionCredentials =
                                 new SessionAWSCredentials(credentials.AccessKeyId,
                                                          credentials.SecretAccessKey,
                                                          credentials.SessionToken);

                // The following will be part of your less trusted code. You provide temporary security
                // credentials so it can send authenticated requests to Amazon S3. 
                // Create Amazon S3 client by passing in the basicSessionCredentials object.
                AmazonS3Client s3Client = new AmazonS3Client(sessionCredentials, Amazon.RegionEndpoint.USEast1);
                // Test. For example, send list object keys in a bucket.
                ListObjectsRequest listObjectRequest = new ListObjectsRequest();
                listObjectRequest.BucketName = bucketName;
                ListObjectsResponse response = s3Client.ListObjects(listObjectRequest);
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
            }

Every time when I run the code I got Access denied message. 每次我运行代码时,都会收到“访问被拒绝”消息。 Why? 为什么? How to download the bucket file using Temporary credential? 如何使用临时凭证下载存储桶文件?

1 个解决方案

解决方案1
 0 已采纳  2017-10-26 15:00:57

You can try something like : 您可以尝试类似: 

assumeRoleResult = AssumeRole(role-arn);
tempCredentials = new SessionAWSCredentials(
   assumeRoleResult.AccessKeyId, 
   assumeRoleResult.SecretAccessKey, 
   assumeRoleResult.SessionToken);
s3Request = CreateAmazonS3Client(tempCredentials);

You need to to call AssumeRole to get temporary security credentials, and then use those credentials to make a call to Amazon S3, see Switching to an IAM Role (API). 您需要调用AssumeRole来获取临时安全凭证,然后使用这些凭证来调用Amazon S3,请参阅切换到IAM角色(API)。

Refer : Using Temporary Security Credentials with the AWS SDKs 请参阅:结合使用临时安全凭证和AWS开发工具包

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 有没有办法使用适用于 .NET 的 AWS SDK 将对象从 S3 存储桶下载到文件目标? - Is there a way to download an object from S3 bucket to a file destination using AWS SDK for .NET? 使用AWS S3 SDK for .NET从Amazon S3下载并行批处理文件 - Parallel batch file download from Amazon S3 using AWS S3 SDK for .NET 使用AWS .NET SDK将文件上载到S3存储桶时,任务被取消了异常? - Task was cancelled exception when uploading file to S3 bucket using AWS .NET SDK? -AWS C#.Net Core-如何将.jpg图像上传到S3存储桶而不将其另存为文件 - -AWS C# .Net Core- How to upload a .jpg image to S3 bucket without saving it as a file 使用 .net SDK 从 Amazon S3 存储桶下载文件夹 - Download folder from Amazon S3 bucket using .net SDK 是否可以请求AWS S3下载文件? - Is it possible to request AWS S3 to download a file? S3存储桶中的AWS Lambda .net Core 2.1列表文件 - AWS lambda .net core 2.1 list files in S3 bucket AWS S3存储桶| 确定文件的日期计数和文件的年龄 - AWS S3 Bucket | Determine the count of file datewise and age of the file 读取公共AWS S3存储桶中的文件计数 - Read the file count in a public AWS S3 bucket 从AWS S3存储桶读取Excel文件 - Read excel file from AWS S3 Bucket
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM