NodeJS: unable to upload a file to Amazon S3 using a pre-signed URL

ttcibm8c posted on 2023-02-15 in Node.js

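I get a 403 Forbidden error when posting a file using a pre-signed URL retrieved from a Lambda.
What I expect is as shown in the image.
① The S3 full access policy is attached.
② The Lambda is in a private VPC network; the code is as follows: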

import { getSignedUrl } from '@aws-sdk/s3-request-presigner'
// PutObjectCommand is used below, so it has to be imported as well
import { PutObjectCommand, PutObjectCommandInput, S3Client } from '@aws-sdk/client-s3'

const Bucket = process.env.BUCKET_NAME!

const client = new S3Client({
  region: process.env.AWS_REGION!,
})

const params: PutObjectCommandInput = {
  Bucket,
  Key: `xxxxx/yyyyy`,
}

// Inside the async Lambda handler: sign a PUT request for this key
return await getSignedUrl(client, new PutObjectCommand(params), { expiresIn: 3000 })

This URL is returned to the user.
I also tried another version of the code:

// S3Client is used below, so it has to be imported as well
import { S3Client } from '@aws-sdk/client-s3'
import { S3RequestPresigner } from '@aws-sdk/s3-request-presigner'
import { parseUrl } from '@aws-sdk/url-parser'
import { Hash } from '@aws-sdk/hash-node'
import { HttpRequest } from '@aws-sdk/protocol-http'

const Bucket = process.env.BUCKET_NAME

const client = new S3Client({
  region: process.env.AWS_REGION!,
})

const s3ObjectUrl = parseUrl(`https://${Bucket}.s3.${process.env.AWS_REGION}.amazonaws.com/xxxxx/yyyyy`)
const presigner = new S3RequestPresigner({
  credentials: { accessKeyId: process.env.AWS_ACCESS_KEY_ID!, secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY! },
  region: process.env.AWS_REGION!,
  sha256: Hash.bind(null, 'sha256'),
})
// Inside the async Lambda handler: the URL is signed for the PUT method
return await presigner.presign(new HttpRequest({ ...s3ObjectUrl, method: 'PUT' }), { expiresIn: 3000 })

③ The S3 bucket allows access from Lambdas.
④ But when the user uses the URL returned by the Lambda in Postman, it results in a 403 Forbidden (SignatureDoesNotMatch) error.
Part of the returned error:

<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>

Is there a problem with the code? Or is there a problem with the Lambda or S3 permissions? I don't know...

6ovsh4lw #1

I solved this problem, but to answer the related question: it was a PUT request, not POST. I spent several hours on a mistake like this...
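Why a URL signed for PUT is rejected with SignatureDoesNotMatch when it is sent as POST, as an added example that is not part of the original post or the AWS SDK: a reduced SigV4 query-string signer and the matching server-side check in plain Node.js. The key, bucket name, region and timestamp are constructed, `presign` and `signatureMatches` are hypothetical helper names, and the expiry check a real service performs is left out.

```javascript
// Added example, not the poster's code. Keys, bucket and timestamp are constructed.
const { createHash, createHmac, timingSafeEqual } = require('node:crypto');

const hmac = (key, data) => createHmac('sha256', key).update(data).digest();
const sha256Hex = (data) => createHash('sha256').update(data).digest('hex');

// SigV4 signature over method + path + query + host header (payload unsigned).
function signature({ method, host, path, query, secretAccessKey, amzDate, region }) {
  const canonicalRequest = [method, path, query, `host:${host}\n`, 'host', 'UNSIGNED-PAYLOAD'].join('\n');
  const date = amzDate.slice(0, 8);
  const scope = `${date}/${region}/s3/aws4_request`;
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256Hex(canonicalRequest)].join('\n');
  let key = hmac(`AWS4${secretAccessKey}`, date);
  for (const part of [region, 's3', 'aws4_request']) key = hmac(key, part);
  return hmac(key, stringToSign).toString('hex');
}

// What the Lambda does: sign a URL for one specific HTTP method.
function presign({ method, bucket, key, region, accessKeyId, secretAccessKey, amzDate, expiresIn }) {
  const host = `${bucket}.s3.${region}.amazonaws.com`;
  const path = '/' + key.split('/').map(encodeURIComponent).join('/');
  const credential = `${accessKeyId}/${amzDate.slice(0, 8)}/${region}/s3/aws4_request`;
  const query = [
    ['X-Amz-Algorithm', 'AWS4-HMAC-SHA256'], ['X-Amz-Credential', credential],
    ['X-Amz-Date', amzDate], ['X-Amz-Expires', String(expiresIn)],
    ['X-Amz-SignedHeaders', 'host'],
  ].map(([k, v]) => `${k}=${encodeURIComponent(v)}`).join('&');
  const sig = signature({ method, host, path, query, secretAccessKey, amzDate, region });
  return `https://${host}${path}?${query}&X-Amz-Signature=${sig}`;
}

// What the service does: recompute the signature with the method the client actually sent.
function signatureMatches(sentMethod, url, secretAccessKey) {
  const u = new URL(url);
  const [query, presented] = u.search.slice(1).split('&X-Amz-Signature=');
  const amzDate = u.searchParams.get('X-Amz-Date');
  const region = u.searchParams.get('X-Amz-Credential').split('/')[2];
  const expected = signature({ method: sentMethod, host: u.host, path: u.pathname, query, secretAccessKey, amzDate, region });
  return timingSafeEqual(Buffer.from(expected, 'hex'), Buffer.from(presented, 'hex'));
}

const demo = { bucket: 'example-bucket', key: 'xxxxx/yyyyy', region: 'us-east-1',
  accessKeyId: 'AKIDEXAMPLE', secretAccessKey: 'constructed-secret', amzDate: '20230215T000000Z', expiresIn: 3000 };
const putUrl = presign({ method: 'PUT', ...demo });
console.log('PUT ->', signatureMatches('PUT', putUrl, demo.secretAccessKey));   // true
console.log('POST ->', signatureMatches('POST', putUrl, demo.secretAccessKey)); // false
```

The method is the first line of the canonical request, so the same URL, key and permissions produce a different expected signature as soon as the client switches verbs.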
