如何使用 Python 在 Lambda 中为 CloudFront 生成 SignedUrls?
How to Generate SignedUrls for CloudFront in Lambda Using Python?
我的 python 代码目前有问题,此代码生成 Cloud Front 签名 URL 并打印它。我在 VS Code 中有一个虚拟环境,它工作正常,但是一旦我将它上传到 lambda,我就会收到错误消息:“errorMessage”:“No module named '_cffi_backend”“
我试过了:
pip install -t $PWD cffi
pip install -t $PWD 加密
将它们压缩成一个 .zip 文件并将其上传到 lambda 以满足要求,我还压缩了我的虚拟环境中具有工作依赖项的所有包。
我该如何解决这个问题?我需要它在 lambda 中,并且我之前也重新安装了 cffi。
import datetime
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from botocore.signers import CloudFrontSigner
def rsa_signer(message):
with open('key.pem', 'rb') as key_file:
private_key = serialization.load_pem_private_key(
key_file.read(),
password=None,
backend=default_backend()
)
print (message)
return private_key.sign(message, padding.PKCS1v15(), hashes.SHA1())
def lambda_handler(event, context):
key_id = 'APKAJSKEXampleKNQ'
url = 'https://example.com/example.html'
expire_date = datetime.datetime(2021, 1, 1)
cloudfront_signer = CloudFrontSigner(key_id, rsa_signer)
# Create a signed url that will be valid until the specfic expiry date
# provided using a canned policy.
signed_url = cloudfront_signer.generate_presigned_url(
url, date_less_than=expire_date)
print(signed_url)
{
"errorMessage": "No module named '_cffi_backend'",
"errorType": "ModuleNotFoundError",
"stackTrace": [
" File \"/var/task/why.py\", line 31, in lambda_handler\n url, date_less_than=expire_date)\n",
" File \"/var/runtime/botocore/signers.py\", line 344, in generate_presigned_url\n signature = self.rsa_signer(policy)\n",
" File \"/var/task/why.py\", line 15, in rsa_signer\n backend=default_backend()\n",
" File \"/var/task/cryptography/hazmat/backends/__init__.py\", line 15, in default_backend\n from cryptography.hazmat.backends.openssl.backend import backend\n",
" File \"/var/task/cryptography/hazmat/backends/openssl/__init__.py\", line 7, in <module>\n from cryptography.hazmat.backends.openssl.backend import backend\n",
" File \"/var/task/cryptography/hazmat/backends/openssl/backend.py\", line 109, in <module>\n from cryptography.hazmat.bindings.openssl import binding\n",
" File \"/var/task/cryptography/hazmat/bindings/openssl/binding.py\", line 14, in <module>\n from cryptography.hazmat.bindings._openssl import ffi, lib\n"
]
}
我阅读了“boto”Cloud Front Signer 的源代码,发现所有功能都是内置的。没有必要使用“cryptography.hazmat”。
我将上面的代码改成了更简单的代码。
from boto.cloudfront.distribution import Distribution
from boto.cloudfront import CloudFrontConnection
from botocore.signers import CloudFrontSigner
import datetime
import rsa
def rsa_signer(message):
private_key = open('key.pem', 'r').read()
return rsa.sign(message, rsa.PrivateKey.load_pkcs1(private_key.encode('utf8')),'SHA-1')
def lambda_handler(event, context):
url = "https://Example.com/Register.html"
expire_date = datetime.datetime(2021, 1, 1)
key_id = 'APKAJSEXAMPLENXQ'
cf_signer = CloudFrontSigner(key_id, rsa_signer)
signed_url = cf_signer.generate_presigned_url(url, date_less_than=expire_date)
print(signed_url)
任何想知道这是如何使用 python 正确生成 Cloud Front PresignedUrl 的人。确保在上传到 lambda 时将“boto”和“rsa”打包到您的 zip 文件中。
我的 python 代码目前有问题,此代码生成 Cloud Front 签名 URL 并打印它。我在 VS Code 中有一个虚拟环境,它工作正常,但是一旦我将它上传到 lambda,我就会收到错误消息:“errorMessage”:“No module named '_cffi_backend”“
我试过了:
pip install -t $PWD cffi
pip install -t $PWD 加密
将它们压缩成一个 .zip 文件并将其上传到 lambda 以满足要求,我还压缩了我的虚拟环境中具有工作依赖项的所有包。
我该如何解决这个问题?我需要它在 lambda 中,并且我之前也重新安装了 cffi。
import datetime
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from botocore.signers import CloudFrontSigner
def rsa_signer(message):
with open('key.pem', 'rb') as key_file:
private_key = serialization.load_pem_private_key(
key_file.read(),
password=None,
backend=default_backend()
)
print (message)
return private_key.sign(message, padding.PKCS1v15(), hashes.SHA1())
def lambda_handler(event, context):
key_id = 'APKAJSKEXampleKNQ'
url = 'https://example.com/example.html'
expire_date = datetime.datetime(2021, 1, 1)
cloudfront_signer = CloudFrontSigner(key_id, rsa_signer)
# Create a signed url that will be valid until the specfic expiry date
# provided using a canned policy.
signed_url = cloudfront_signer.generate_presigned_url(
url, date_less_than=expire_date)
print(signed_url)
{
"errorMessage": "No module named '_cffi_backend'",
"errorType": "ModuleNotFoundError",
"stackTrace": [
" File \"/var/task/why.py\", line 31, in lambda_handler\n url, date_less_than=expire_date)\n",
" File \"/var/runtime/botocore/signers.py\", line 344, in generate_presigned_url\n signature = self.rsa_signer(policy)\n",
" File \"/var/task/why.py\", line 15, in rsa_signer\n backend=default_backend()\n",
" File \"/var/task/cryptography/hazmat/backends/__init__.py\", line 15, in default_backend\n from cryptography.hazmat.backends.openssl.backend import backend\n",
" File \"/var/task/cryptography/hazmat/backends/openssl/__init__.py\", line 7, in <module>\n from cryptography.hazmat.backends.openssl.backend import backend\n",
" File \"/var/task/cryptography/hazmat/backends/openssl/backend.py\", line 109, in <module>\n from cryptography.hazmat.bindings.openssl import binding\n",
" File \"/var/task/cryptography/hazmat/bindings/openssl/binding.py\", line 14, in <module>\n from cryptography.hazmat.bindings._openssl import ffi, lib\n"
]
}
我阅读了“boto”Cloud Front Signer 的源代码,发现所有功能都是内置的。没有必要使用“cryptography.hazmat”。
我将上面的代码改成了更简单的代码。
from boto.cloudfront.distribution import Distribution
from boto.cloudfront import CloudFrontConnection
from botocore.signers import CloudFrontSigner
import datetime
import rsa
def rsa_signer(message):
private_key = open('key.pem', 'r').read()
return rsa.sign(message, rsa.PrivateKey.load_pkcs1(private_key.encode('utf8')),'SHA-1')
def lambda_handler(event, context):
url = "https://Example.com/Register.html"
expire_date = datetime.datetime(2021, 1, 1)
key_id = 'APKAJSEXAMPLENXQ'
cf_signer = CloudFrontSigner(key_id, rsa_signer)
signed_url = cf_signer.generate_presigned_url(url, date_less_than=expire_date)
print(signed_url)
任何想知道这是如何使用 python 正确生成 Cloud Front PresignedUrl 的人。确保在上传到 lambda 时将“boto”和“rsa”打包到您的 zip 文件中。