![](/img/trans.png)
[英]How I can generated pre-signed url for different file versions of AWS S3 objects in NodeJS?
[英]Dockerized NodeJS in Fargate can't generate a working AWS pre-signed URL
我有一個 dockerized NodeJS 應用程序,我將圖像放在 AWS ECR 中。 它使用 docker-compose 在我的本地環境中運行良好,我可以生成一個預簽名的 PUT URL。 預簽名的 URL 也有效,我可以將對象上傳到其中。 我嘗試使用 ECS Fargate 運行相同的 ECR 映像,但是我無法將對象放入生成的預簽名 URL 中。 我收到拒絕訪問錯誤。
編輯:我懷疑問題來自 IAM 角色和權限。 我通過 CloudFormation 構建了 ECS Fargate 基礎設施,但似乎角色設置正確:
ECSTaskExecutionRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub "${ContainerName}-ECSTaskExecutionRolePolicy"
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
Policies:
- PolicyName: root
PolicyDocument:
Version: 2012-10-17
Statement:
- Resource:
- !Ref DBHostSSMARN
- !Ref DBPortSSMARN
- !Ref DBUsernameSSMARN
- !Ref DBPasswordSSMARN
Effect: Allow
Action:
- "ssm:GetParameters"
- "secretsmanager:GetSecretValue"
- "kms:Decrypt"
- Resource: "*"
Effect: Allow
Action:
- cloudwatch:*
- ecr:GetDownloadUrlForLayer
- ecr:BatchGetImage
- ecr:BatchCheckLayerAvailability
- Resource:
- !Sub arn:aws:s3:::${VideoRepoName}
- !Sub arn:aws:s3:::${VideoRepoName}/*
Effect: Allow
Action:
- s3:*
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.