AWS s3从Rails应用程序访问私有存储桶URL
[英]AWS s3 access PRIVATE bucket url from rails app
问题描述
I'm new to RoR. 
我是RoR的新手。
I'm creating a small app that uploads images and saves them in S3, the user cant attach all the images in a zip file and send it via email,to accomplish that im using rubyzip gem. 我正在创建一个上传图像并将其保存在S3中的小型应用程序,用户无法将所有图像附加到zip文件中并通过电子邮件发送,以使用rubyzip gem来实现。
Locally it works fine (Im following the gem documentation) 在本地工作正常(我遵循gem文档)
https://github.com/rubyzip/rubyzip/ https://github.com/rubyzip/rubyzip/
But in production for the "ZIP" action I need to give a source folder (in which is saved the image) and since all my images are saved in s3 bucket I give a path like the following: 但是在生产“ ZIP”操作时,我需要提供一个源文件夹(在其中保存图像),并且由于我所有的图像都保存在s3存储桶中,因此我给出了如下路径:
folder = 'https://'bucket-name'.s3.amazonaws.com/'
After research i fond similar cases, but none of them work for me, for example I tried How to retrieve attachment url with Rails Active Storage with S3 and it give me "No such file or directory" 经过研究,我喜欢类似的案例,但是它们都不适合我,例如,我尝试了如何使用带有S3的Rails Active Storage检索附件url,它给了我“没有这样的文件或目录”
2018-11-15T00:44:27.082416+00:00 app[web.1]: I, [2018-11-15T00:44:27.082337 #4] INFO -- : [db52fa26-32c2-4f7e-a766-7d39fd3ef062] Completed 500 Internal Server Error in 1532ms (ActiveRecord: 21.4ms)
2018-11-15T00:44:27.082915+00:00 app[web.1]: F, [2018-11-15T00:44:27.082844 #4] FATAL -- : [db52fa26-32c2-4f7e-a766-7d39fd3ef062]
2018-11-15T00:44:27.082988+00:00 app[web.1]: F, [2018-11-15T00:44:27.082916 #4] FATAL -- : [db52fa26-32c2-4f7e-a766-7d39fd3ef062] Errno::ENOENT (No such file or directory @ rb_file_s_lstat - https://bucket-name.s3.amazonaws.com):
2018-11-15T00:44:27.083054+00:00 app[web.1]: F, [2018-11-15T00:44:27.082985 #4] FATAL -- : [db52fa26-32c2-4f7e-a766-7d39fd3ef062]
My bucket is private so, make sense that it doesn't let me access it until I provide correct credentials, and here is the part where I dont have idea how to send the signature in the url to authenticate. 我的存储桶是私有的,因此,在我提供正确的凭据之前,它不允许我访问它,这是我不知道如何在url中发送签名进行身份验证的部分。 I have tried something like the following but it keeps giving me weird simbols 我已经尝试过类似以下的方法,但是它总是给我带来奇怪的辛博尔
kDate = OpenSSL::HMAC.digest('sha256', "AWS4" + secret_access_key, dateStamp)
kRegion = OpenSSL::HMAC.digest('sha256', kDate, regionName)
kService = OpenSSL::HMAC.digest('sha256', kRegion, serviceName)
signature = OpenSSL::HMAC.digest('sha256', kService, "aws4_request")
puts("#{s3_base_url}?AWSAccessKeyId=#{access_key_id}
&Expires=#{expiration_date}
&Signature=#{signature}")
this is the result when i print the signature 这是我打印签名时的结果
https://bucket-name.s3.amazonaws.com?AWSAccessKeyId=my-access-key
&Expires=1542416076
&Signature=Q�����>�9`o���r}�9��`�m��g��
Ps. 附言 Im also have created a IAM user with admin privileges 我还创建了一个具有管理员权限的IAM用户
Thanks, Im using ruby 2.5.1 and rails 5.2.0 Im super new with dealing with AMAZON so excuse if my question is to obvious 谢谢,我使用红宝石2.5.1和Rails 5.2.0我与AMAZON打交道非常新,如果我的问题很明显,请原谅
1 个解决方案
解决方案1
0 2018-11-15 03:47:50
I'm not sure about constructing a signed URL manually; 我不确定要手动构造一个签名的URL。 I've never tried it. 我从来没有尝试过。 However, the AWS gem has a presigned_url method for S3 objects that will construct them for you. 但是,AWS gem具有用于S3对象的presigned_url方法,它将为您构造它们。 You can then use that URL to access the object in the private bucket. 然后,您可以使用该URL访问私有存储桶中的对象。
See https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Object.html#presigned_url-instance_method 参见https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Object.html#presigned_url-instance_method
bucket = Aws::S3::Bucket.new bucket_name
object = bucket.object object_key
object.presigned_url(:get, expires_in: expiry)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.