stackoom
  简体   繁体   中英

AWS S3 Go Sdk - Presigned url unable upload file when add ACL

 原文  2021-03-16 14:20:44       amazon-web-services/ go/ amazon-s3/ acl

Question

I have a go services that generate a presigned url to upload a file:

sess, err := session.NewSession(&aws.Config{
    Region: aws.String(os.Getenv(AwsRegionEnv))},
)
if err != nil {
    return nil, err
}

svc := s3.New(sess)

req, _ := svc.PutObjectRequest(&s3.PutObjectInput{
    Bucket: aws.String(os.Getenv(BucketNameEnv)),
    Key:    aws.String(getFileName(file, customer)),
})

minutesTimeout, err := strconv.Atoi(os.Getenv(TimeoutURL))
if err != nil {
    return nil, err
}

str, err := req.Presign(time.Duration(minutesTimeout) * time.Minute)
if err != nil {
    return nil, err
}

So, I can upload a file using this presigned url using curl:

curl -vT test.pdf '<<URL PRESIGNED>>'

But, when I add an ACL, this not work, the modification are:

req, _ := svc.PutObjectRequest(&s3.PutObjectInput{
    Bucket: aws.String(os.Getenv(BucketNameEnv)),
    Key:    aws.String(getFileName(file, customer)),
    ACL:    aws.String(s3.ObjectCannedACLAuthenticatedRead),
})

When I tried upload a file using the presigned url with ACL, I got this error:

<?xml version="1.0" encoding="UTF-8"?>
<Error>
    <Code>SignatureDoesNotMatch</Code>
   <Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
   <AWSAccessKeyId>ASIAS...</AWSAccessKeyId>
   <StringToSign>AWS4-HMAC-SHA256
20210316T135400Z
20210316/us-east-2/s3/aws4_request
d7ab7d377b719636610b11793e3e68e104a3f41fb9f9f5608138a8c2b19ceaf3</StringToSign>
    <SignatureProvided>bd59fbb080..</SignatureProvided>
    <StringToSignBytes>41 57 53...</StringToSignBytes>
    <CanonicalRequest>PUT
/35527810/sampleVpacheco3.pdf
X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=...%2Fus-east-2%2Fs3%2Faws4_request&amp;X-Amz-Date=20210316T135400Z&amp;X-Amz-Expires=300&amp;X-Amz-Security-Token=IQoJb3JpZ2luX2VjEN7%2F%2F...&amp;X-Amz-SignedHeaders=host%3Bx-amz-acl
host:adl-digital-dev-document-manager.s3.us-east-2.amazonaws.com
x-amz-acl:

host;x-amz-acl
UNSIGNED-PAYLOAD</CanonicalRequest>
    <CanonicalRequestBytes>50 55 54...</CanonicalRequestBytes>
    <RequestId>0V6FWNNGK2QCDA1V</RequestId>
    <HostId>rE4rkv...</HostId>
</Error>

Any idea how I can add ACL and can upload a file successfully?

Full URL is:

https://document-manager.s3.us-east-2.amazonaws.com/35527810/sampleVpacheco5.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIASN3IRSVR%2F20210316%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20210316T143240Z&X-Amz-Expires=300&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEN7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIGW4j1R7H3wIxUAN8FytKbDTRne4pJGJ9I4ofpXeh%2FcaAiBFTdRNVug9WODzLdCoMcFRVzFZ%2FtGeaweeteSSTY6yMSqtAwgXEAIaDDE2NzE4NjEwOTc5NSIMh1JvraENxW8E5aBqKooDLx39b6Lx1%2Fw6AtGMSzlYRILNIXdB2Ouviq0pUlfPVCSFlZnPzo%2F%2B6%2B8ZcIpHM8E%2FDjEn1NF1lvcz9QKsuXJI94XuVCSRGiBBRvpIdm%2Ff001q3C%2FmZW2I1aMsfV518LTtEQigJ%2Fv80TPVSv7ZozoR9Zae4W3C3efjm2sJ%2BkVkI%2FBm7z6Vd97Q%2BbpVztf8Lp4GImDp1G72wtOP7wq9wSDYzFEzUja91r7g97py1Wzin6%2BXUNX68yAH%2BRePqyW6by4Lht8086B7YQcj6h77kxwE89C1NMYhKPiNl1y%2Ff4NukwWxW%2FTefqSW3Qr26eDfTV%2FVyR7%2FeNCf7OOtpkGZEmOnFbd%2FyY6wVOARcTdixQkPKKu2GAkz%2B8xuNY10uTGoh2vul3gUWBZF4Yl13R7kIq%2FPBb1UVl%2BatCwN%2BDBMj22cM4Pn%2BOJPyqxCjcfyIXwRsiYDTmmtiSIWrTvSEQaWf1Dc95lQVToA2ZsAxB8LO88%2FEz0t3FUpPw0ncgbLbHedcRYqvV62RDRQK%2FI9zjCz78KCBjqnAfzDcfP25%2BIr6ia4elbxSDOWIIv%2FjZOLlRDedHdqLKCDjYbgXoWrTQTt%2BZCRlV7UtJxo%2ByVeJvsjmb3BdI4IjI8wd8XjkV5qMejJbFcmFIQV7df0cdGY7U6nOO8gxGK9fj7Fb1Y0DtZaCxaZU8D0d2iTfUn8kl%2FT0GwSPDZqz1I6oJuG58KLR%2BVKRhuZrhTq8%2Fm98cLg7diuwt%2Bt1RwL%2BK9oonqHqXcE&X-Amz-SignedHeaders=host%3Bx-amz-acl&X-Amz-Signature=27d1fae2f60187dce85b175980c4e91334fe2a0f192d220244aa4a27e798ec9f

I Tired this:

  • add header x-amc-acl: -H "x-amc-acl: authenticated-read"
  • add header host: -H "host: 127.0.0.1"
  • Modify URL, changing host%3Bx-amz-acl by host;x-amc-acl

Thanks!

1 answers

solution1
 0  2022-11-26 19:34:06

it worked for me after adding acl properties in query param

req, _ := svc.GetObjectRequest(&s3.GetObjectInput{
  Bucket: aws.String(bucket),
  Key:    aws.String(key),
})
q := req.HTTPRequest.URL.Query()
q.Add("x-amz-acl", "public-read")
q.Add("Content-Type", contentType)
req.HTTPRequest.URL.RawQuery = q.Encode()

presigned, err := req.Presign(5 * time.Minute)
if err != nil {
  fmt.Printf("Error presigning URL: %v\n", err)
}
fmt.Println(presigned)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Unable to upload file on s3 presigned url How to upload an object using presigned URL along with tags in s3 aws-sdk-ruby v3 AWS S3 presigned url upload returns 200 but the file is not in the bucket using NodeJS & node-fetch Unable to upload image file to s3 from React with Node presigned url S3 AWS - generating presigned url in R AWS S3 presigned url issue with asterisk AWS Java SDK 2.0 S3 presigned URL public object access What is the best way to create multipart upload to a presigned url in aws s3 bucket? PUT file to S3 with presigned URL S3 golang Multipart upload using Presigned url
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM