堆栈内存溢出
  简体   繁体   English

使用 generatePresignedPutUrl 时,Amazon S3 返回拒绝访问

[英]Amazon S3 returns Access Denied when using generatePresignedPutUrl

 原文  2021-10-14 14:25:38       node.js/ amazon-web-services/ amazon-s3

问题描述

I am trying to upload files with NodeJS to Amazon S3 in a private bucket but when I send the put request, AWS returns access denied and I don't understand why since the url has been generated through a generatePresignedPutUrl.我正在尝试使用 NodeJS 将文件上传到私有存储桶中的 Amazon S3,但是当我发送 put 请求时,AWS 返回访问被拒绝,我不明白为什么,因为 url 是通过 generatePresignedPutUrl 生成的。

Here is the bucket configuration in spanish but it just has all the protection boxes checked.这是西班牙语的存储桶配置,但它只选中了所有保护框。 在此处输入图片说明

Next I leave AWS configuration code in nodeJS:接下来我将 AWS 配置代码留在 nodeJS 中:

import AWS from 'aws-sdk';

const bucketName = 'atlasfitness-progress';
const region =process.env.AWS_REGION;
const accessKeyId = process.env.AWS_ACCESS_KEY
const secretAccessKey = process.env.AWS_SECRET_KEY

const s3 = new AWS.S3({
    region,
    accessKeyId,
    secretAccessKey,
    signatureVersion: 'v4'
})

export const generatePreSignedPutUrl = async (fileName, fileType) => {

    const params = ({
        Bucket: bucketName,
        Key: fileName,
        Expires: 1000
    })

    try {
        const url = await s3.getSignedUrlPromise('putObject', params);
        return url;
    } catch (err) {
        console.log(err);
        return
    }

}

Then I use curl with an image to the url generated by the generatePreSignedUrl然后我使用带有图像的 curl 到 generatePreSignedUrl 生成的 url

curl -X PUT -T name_image "url_generated_by_NodeJS_Code"

But the response I get is the following:但我得到的回应如下:

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>CY87GFMPFE94HR3J</RequestId><HostId>PgvNz4AiH2C5Rtfb9ZvfY24ybqX3qGM/V9R81GgjEUDVikkNnqOkM/uWn+Q9+zRWKEaj0bMK0Qs=</HostId></Error>

If anyone knows what may be happening or how to solve it please let me know, thank you very much.如果有人知道可能会发生什么或如何解决它,请告诉我,非常感谢。

1 个解决方案

解决方案1
 0  2021-10-14 14:39:30

TL;DR - verify that the role/user you are using to generate the presigned URL has putObject permission to the bucket. TL;DR - 验证您用于生成预签名 URL 的角色/用户是否具有对存储桶的 putObject 权限。

The presigned URL has the encoded credentials of who generated the URL.预签名 URL 具有生成 URL 的编码凭据。 When the object arrives to S3, the service decode the credentials and check the policy assigned to those credentials.当对象到达 S3 时,服务会解码凭证并检查分配给这些凭证的策略。 Therefore if those credentials won't have the right permissions on the bucket, the access will be denied.因此,如果这些凭据对存储桶没有正确的权限,则访问将被拒绝。

Another option is that your session has expired by the time your request arrives to S3 (relevant in case you are using IAM role).另一种选择是当您的请求到达 S3 时您的会话已过期(与您使用 IAM 角色的情况相关)。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Amazon S3 访问仅在 CopyObject 中被拒绝 - Amazon S3 Access Denied only in CopyObject 拒绝将文件上传到Amazon s3 - Access Denied in file upload to Amazon s3 尝试使用Node.js访问Amazon AWS S3服务时拒绝访问 - Receiving Access Denied when trying to access Amazon AWS S3 service with nodejs Amazon s3存储桶映像访问问题:访问被拒绝 - Amazon s3 bucket image access issue: Access Denied 使用 multer -s3 亚马逊服务器图片上传错误访问被拒绝 - using multer -s3 amazon server image upload error access denied Amazon S3 getObject() 收到 NodeJS 拒绝访问 - Amazon S3 getObject() receives access denied with NodeJS 尝试在 NodeJS 中使用 aws-sdk 在 S3 中创建文件夹时访问被拒绝 - Getting access denied when trying to create folder in S3 using aws-sdk in NodeJS 访问被拒绝从亚马逊S3获取具有完全权限设置的图像 - Access denied fetching images from amazon s3 with full permissions set 尝试上传到 s3 存储桶时被拒绝访问 - Getting Access Denied when trying to upload to s3 Bucket 亚马逊s3文件下载返回404 - amazon s3 file download returns 404
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM