通过 aws-sdk-go 签署 URL 时出现签名不匹配 403 错误
Signature Does Not Match 403 error when signing a URL via aws-sdk-go
我遵循了关于此问题的说明 https://github.com/aws/aws-sdk-go/issues/467,其中清楚地记录了如何为 PUT 请求创建预签名 url。目标是预签名url,所以我可以直接从浏览器安全地上传图片
key 和 secret 当然是我当前通过 SDK 处理直接 PutObject 请求的凭据
creds := credentials.NewStaticCredentials("key", "secret", "")
cfg := aws.NewConfig().WithRegion("us-west-2").WithCredentials(creds)
srv := s3.New(session.New(), cfg)
params := &s3.PutObjectInput{
Bucket: aws.String("my-bucket"),
Key: aws.String("/local/test/filename"),
}
req, _ := srv.PutObjectRequest(params)
url, err := req.Presign(15 * time.Hour)
if err != nil {
fmt.Println("error signing request", err)
}
fmt.Println("URL", url)
```
然后我接受 URL 并发出 curl 请求。我收到此回复
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
<AWSAccessKeyId>redacted</AWSAccessKeyId>
<StringToSign>redacted</StringToSign>
<SignatureProvided>redacted</SignatureProvided>
<StringToSignBytes>redacted</StringToSignBytes>
<CanonicalRequest>PUT
/local/test/filename
X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=redacted%2Fus-west-2%2Fs3%2F%20aws4_request&X-Amz-Date=20161129T012909Z&X-Amz-Expires=54000&X-Amz-SignedHeaders=host
host:redacted.s3-us-west-2.amazonaws.com
host
UNSIGNED-PAYLOAD</CanonicalRequest>
<CanonicalRequestBytes>redacted</CanonicalRequestBytes>
<RequestId>redacted</RequestId>
<HostId>redacted</HostId>
</Error>
知道为什么预签名 URL 向我提供了一个据称不匹配的签名吗?同样,这些相同的凭据目前正在我的服务器上用于直接 PutObject 命令
我的存储桶策略配置不正确。我必须将我的 key/secret 与 IAM 政策交叉引用,并确保它们列在政策 "principals" 部分
我遵循了关于此问题的说明 https://github.com/aws/aws-sdk-go/issues/467,其中清楚地记录了如何为 PUT 请求创建预签名 url。目标是预签名url,所以我可以直接从浏览器安全地上传图片
key 和 secret 当然是我当前通过 SDK 处理直接 PutObject 请求的凭据
creds := credentials.NewStaticCredentials("key", "secret", "")
cfg := aws.NewConfig().WithRegion("us-west-2").WithCredentials(creds)
srv := s3.New(session.New(), cfg)
params := &s3.PutObjectInput{
Bucket: aws.String("my-bucket"),
Key: aws.String("/local/test/filename"),
}
req, _ := srv.PutObjectRequest(params)
url, err := req.Presign(15 * time.Hour)
if err != nil {
fmt.Println("error signing request", err)
}
fmt.Println("URL", url)
```
然后我接受 URL 并发出 curl 请求。我收到此回复
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
<AWSAccessKeyId>redacted</AWSAccessKeyId>
<StringToSign>redacted</StringToSign>
<SignatureProvided>redacted</SignatureProvided>
<StringToSignBytes>redacted</StringToSignBytes>
<CanonicalRequest>PUT
/local/test/filename
X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=redacted%2Fus-west-2%2Fs3%2F%20aws4_request&X-Amz-Date=20161129T012909Z&X-Amz-Expires=54000&X-Amz-SignedHeaders=host
host:redacted.s3-us-west-2.amazonaws.com
host
UNSIGNED-PAYLOAD</CanonicalRequest>
<CanonicalRequestBytes>redacted</CanonicalRequestBytes>
<RequestId>redacted</RequestId>
<HostId>redacted</HostId>
</Error>
知道为什么预签名 URL 向我提供了一个据称不匹配的签名吗?同样,这些相同的凭据目前正在我的服务器上用于直接 PutObject 命令
我的存储桶策略配置不正确。我必须将我的 key/secret 与 IAM 政策交叉引用,并确保它们列在政策 "principals" 部分