AWS S3 bucket Temporary Credentials download file .Net

I have a bucket on Amazon S3 and have created an IAM user. Now I want to download private bucket files using temporary credentials.

This is my bucket policy

{
    "Id": "Policy1509026195925",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1509026179419",
            "Action": [
                "s3:GetObject"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::test-folder/*",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::461567291450:user/john"
                ]
            }
        }
    ]
}

This is my C# .NET code

ServicePointManager.Expect100Continue = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

try
{
    // In real applications, the following code is part of your trusted code. It has
    // your security credentials you use to obtain temporary security credentials.
    AmazonSecurityTokenServiceConfig config = new AmazonSecurityTokenServiceConfig();
    AmazonSecurityTokenServiceClient stsClient =
        new AmazonSecurityTokenServiceClient(config);

    GetFederationTokenRequest federationTokenRequest =
        new GetFederationTokenRequest();
    federationTokenRequest.Name = "testuser";
    // federationTokenRequest.Policy = "Policy1509026195925";
    federationTokenRequest.DurationSeconds = 7200;

    GetFederationTokenResponse federationTokenResponse = stsClient.GetFederationToken(federationTokenRequest);
    //FederatedUser federationTokenResult = federationTokenResponse.;
    Credentials credentials = federationTokenResponse.Credentials;

    SessionAWSCredentials sessionCredentials =
        new SessionAWSCredentials(credentials.AccessKeyId,
                                  credentials.SecretAccessKey,
                                  credentials.SessionToken);

    // The following will be part of your less trusted code. You provide temporary security
    // credentials so it can send authenticated requests to Amazon S3.
    // Create Amazon S3 client by passing in the basicSessionCredentials object.
    AmazonS3Client s3Client = new AmazonS3Client(sessionCredentials, Amazon.RegionEndpoint.USEast1);
    // Test. For example, send list object keys in a bucket.
    ListObjectsRequest listObjectRequest = new ListObjectsRequest();
    listObjectRequest.BucketName = bucketName;
    ListObjectsResponse response = s3Client.ListObjects(listObjectRequest);
}
catch (Exception ex)
{
    Console.WriteLine(ex.Message);
}

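Every time I run the code, I get an "Access Denied" message. Why? How can I download bucket files using temporary credentials?

You can try something like: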

assumeRoleResult = AssumeRole(role-arn);
tempCredentials = new SessionAWSCredentials(
   assumeRoleResult.AccessKeyId, 
   assumeRoleResult.SecretAccessKey, 
   assumeRoleResult.SessionToken);
s3Request = CreateAmazonS3Client(tempCredentials);

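You need to call AssumeRole to get temporary security credentials and then use those credentials to call Amazon S3; see Switching to an IAM Role (API).

See: Using Temporary Security Credentials with the AWS SDKs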
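The AssumeRole flow outlined in this answer, written out with the AWS SDK for .NET as an added example (not code from the original question or answer). It assumes a role, shown as a placeholder ARN, that the caller is trusted to assume and that allows s3:GetObject on the test-folder bucket; the session name, object key and output file name are placeholders as well. It requests GetObject because that is the only action the bucket policy above grants, and it attaches a session policy so the temporary credentials cannot exceed that.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.S3;
using Amazon.S3.Model;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

class TempCredentialDownload
{
    // Session policy: the temporary credentials get at most GetObject on this
    // bucket's objects, even if the role itself allows more.
    const string SessionPolicy = @"{
      ""Version"": ""2012-10-17"",
      ""Statement"": [{
        ""Effect"": ""Allow"",
        ""Action"": ""s3:GetObject"",
        ""Resource"": ""arn:aws:s3:::test-folder/*""
      }]
    }";

    static async Task Main()
    {
        // Trusted side: long-term credentials come from the SDK's default chain.
        using (var sts = new AmazonSecurityTokenServiceClient(RegionEndpoint.USEast1))
        {
            var assumed = await sts.AssumeRoleAsync(new AssumeRoleRequest
            {
                RoleArn = "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>", // placeholder
                RoleSessionName = "s3-download-example",                // assumed name
                DurationSeconds = 900,                                  // minimum lifetime
                Policy = SessionPolicy
            });
            var c = assumed.Credentials;
            var temp = new SessionAWSCredentials(c.AccessKeyId, c.SecretAccessKey, c.SessionToken);

            // Less trusted side: only the temporary credentials are handed over.
            using (var s3 = new AmazonS3Client(temp, RegionEndpoint.USEast1))
            using (GetObjectResponse obj = await s3.GetObjectAsync("test-folder", "<OBJECT_KEY>"))
            using (FileStream file = File.Create("downloaded-object"))
            {
                await obj.ResponseStream.CopyToAsync(file);
                Console.WriteLine("Temporary credentials expire at " + c.Expiration);
            }
        }
    }
}
```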
