[英]Amazon Cloudfront Signed URL Access denied issue
I am trying to build signed url of Amazone cloudfront for the contents that lies within my S3 buckets . 我正在尝试为S3存储桶中的内容构建Amazone cloudfront的签名URL。 i have followed the procedure of building a signed url from amazone aws doc that is http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html#private-content-custom-policy-creating-signature-download-procedure but some reason that url i am building is getting this message "AccessDeniedAccess denied" .
我已经按照以下程序从amazone aws doc中构建了一个签名的URL: http: //docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html# 私有内容自定义策略创建签名下载过程,但是我正在构建url的某些原因正在收到此消息“ AccessDeniedAccess拒绝”。
I have also added the "Trusted Signers" as "self" from the Behaviors of the Distribution Settings and also add a orignin for that distribution . 我还从分发设置的行为中将“受信任的签名者”添加为“自我”,还为该分发添加了orignin 。 I am not sure what i am missing .
我不确定我想念的是什么。 here is my php code
这是我的PHP代码
<?php
function rsa_sha1_sign($policy, $private_key_filename)
{
$signature = "";
// load the private key
$fp = fopen($private_key_filename, "r");
$priv_key = fread($fp, 8192);
fclose($fp);
//echo $priv_key;
$pkeyid = openssl_get_privatekey($priv_key);
// compute signature
openssl_sign($policy, $signature, $pkeyid);
// free the key from memory
openssl_free_key($pkeyid);
//echo $signature;
return $signature;
}
function url_safe_base64_encode($value)
{
$encoded = base64_encode($value);
// replace unsafe characters +, = and / with
// the safe characters -, _ and ~
return str_replace(
array('+', '=', '/'),
array('-', '_', '~'),
$encoded);
}
$key_pair_id = "MY_KEY_PAIR_ID";
$donwload_cname = "MY_DOWNLOAD_CNAME";
$download_url = "MY_DOMAIN_NAME/download/2012/01/FILE_NAME.mp3";
$DateLessThan = time() + (24*7*60*60);
$policy = '{"Statement":[{"Resource":"'.$download_url.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$DateLessThan.'}}}]}';
$private_key_file = "MY_PRIVATE_KEY_FILE.pem";
$signature = rsa_sha1_sign($policy, $private_key_file);
$signature = url_safe_base64_encode($signature);
$final_url = $download_url.'?Policy='.url_safe_base64_encode($policy).'&Signature='.$signature.'&Key-Pair-Id='.$key_pair_id;
echo $final_url;
?>
i have tried with both the domain name and cname for the download_url but no effect . 我已经尝试过为download_url使用域名和cname,但是没有效果。 that is i have tried both of the url format
那就是我尝试了两种网址格式
$download_url = "MY_DOMAIN_NAME/download/2012/01/FILE_NAME.mp3"
$download_url = "MY_DOWNLOAD_CNAME/download/2012/01/FILE_NAME.mp3"
but none work . 但是没有办法。 can anyone help me on this .
谁可以帮我这个事 。 I am sure that something very small is missing here or something need to be done with the bucket settings but no idea what to do now .
我确信这里缺少一些很小的东西,或者需要对存储桶设置进行某些操作,但不知道现在该怎么做。 need urgent help
需要紧急帮助
You have to add the protocol(http:// or https://) too in your download URL. 您还必须在下载URL中添加协议(http://或https://)。 Because the signature with and without that would be different.
因为有和没有签名都将不同。 Cloud front backend might be generating the signature using the full URL(with http:// or https://) and the signature is not matching with yours and you are getting access denied error.
云前端后端可能正在使用完整的URL(带有http://或https://)生成签名,并且签名与您的不匹配,并且您将获得拒绝访问错误。
Make your download url like following, 使您的下载网址如下所示,
$download_url = "http://MY_DOMAIN_NAME/download/2012/01/FILE_NAME.mp3"
or for https:// 或https://
$download_url = "https://MY_DOMAIN_NAME/download/2012/01/FILE_NAME.mp3"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.