问题描述
我正在尝试使用AWS CLI生成一个预签名URL,以使用浏览器或邮递员下载文件。 我在Windows上使用Powershell。
我将尝试简单地展示我的工作:
C:\WINDOWS\system32> aws s3 ls
An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
C:\WINDOWS\system32> aws s3 ls --profile SysAdmin_dev
Enter MFA code for arn:aws:iam::808042679380:mfa/amaury:
2020-02-13 17:30:41 ibiza-dev-multimedia-links
--->正确的配置文件没问题
C:\WINDOWS\system32> aws s3 presign s3://ibiza-dev-multimedia-links/Total_Crime.csv --profile SysAdmin_dev
https://ibiza-dev-multimedia-links.s3.amazonaws.com/Total_Crime.csv?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAVC2MUSDI4T7PN2X6%2F20200820%2Feu-central-1%2Fs3%2Faws4_request&X-Amz-Date=20200820T150950Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=FwoGZXIvYXdzEHEaDGT6E7nJiP7cjXvBUSK%2FAVzXAMR589AwsBwdp%2BgLYgDuvrrjGUjBf5Q%2F01UD1K6XU%2FHs4WrqfZ1Jrt5yCG%2FNFdvmsu7HINQZiXd12cpa0Uwhm%2B1ChN4L%2FG%2FpHFtqRSe5CIjgvWd75zFIatxS%2BdCO38jbnVX2MZhbgWWPZDXlmkulIyWhVwRa24FWeRUVGPtNE%2FOivyJT%2BHB7GWmY9FYtAfEIwS3cny6aGSWz0Rolm5gDttn99Wbt104UZ%2BGUn4rDY80SucSvSe1Ld0k5AZXjKK%2Bk%2BvkFMi3uJy7S5YCUz6DcLw86M9%2Fxm2I5H1Ng0IrIlKm7f84OhdEzisuIrBI7F1keKKk%3D&X-Amz-Signature=1c37dc94ee85128f72e4481f22fec19645b0d6d6bcda722dd7c6fda7801d2097
现在,如果我从Powershell复制/粘贴到浏览器或邮递员,则会出现此错误:
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
<AWSAccessKeyId>ASIAVC2MUSDI4T7PN2X6</AWSAccessKeyId>
<StringToSign>AWS4-HMAC-SHA256 20200820T150950Z 20200820/eu-central-1/s3/aws4_request d0625604209330ac9fe3acf4b0a4265b0b689d04b4ae59896a24e41238a3f69c</StringToSign>
<SignatureProvided>1c37dc94ee85128f72e4481f22fec19645b0d6d6bcda722dd7c6fda7801d2097</SignatureProvided>
<StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 30 30 38 32 30 54 31 35 30 39 35 30 5a 0a 32 30 32 30 30 38 32 30 2f 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 64 30 36 32 35 36 30 34 32 30 39 33 33 30 61 63 39 66 65 33 61 63 66 34 62 30 61 34 32 36 35 62 30 62 36 38 39 64 30 34 62 34 61 65 35 39 38 39 36 61 32 34 65 34 31 32 33 38 61 33 66 36 39 63</StringToSignBytes>
<CanonicalRequest>GET /Total_Crime.csv X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAVC2MUSDI4T7PN2X6%2F20200820%2Feu-central-1%2Fs3%2Faws4_request&X-Amz-Date=20200820T150950Z&X-Amz-Expires=3600&X-Amz-Security-Token=FwoGZXIvYXdzEHEaDGT6E7nJiP7cjXvBUSK%2FAVzXAMR589AwsBwdp%2BgLYgDuvrrjGUjBf5Q%2F01UD1K6XU%2FHs4WrqfZ1Jrt5yCG%2FNFdvmsu7HINQZiXd12cpa0Uwhm%2B1ChN4L%2FG%2FpHFtqRSe5CIjgvWd75zFIatxS%2BdCO38jbnVX2MZhbgWWPZDXlmkulIyWhVwRa24FWeRUVGPtNE%2FOivyJT%2BHB7GWmY9FYtAfEIwS3cny6aGSWz0Rolm5gDttn99Wbt104UZ%2BGUn4rDY80SucSvSe1Ld0k5AZXjKK%2Bk%2BvkFMi3uJy7S5YCUz6DcLw86M9%2Fxm2I5H1Ng0IrIlKm7f84OhdEzisuIrBI7F1keKKk%3D&X-Amz-SignedHeaders=host host:ibiza-dev-multimedia-links.s3.eu-central-1.amazonaws.com host UNSIGNED-PAYLOAD</CanonicalRequest>
<CanonicalRequestBytes>47 45 54 0a 2f 54 6f 74 61 6c 5f 43 72 69 6d 65 2e 63 73 76 0a 58 2d 41 6d 7a 2d 41 6c 67 6f 72 69 74 68 6d 3d 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 26 58 2d 41 6d 7a 2d 43 72 65 64 65 6e 74 69 61 6c 3d 41 53 49 41 56 43 32 4d 55 53 44 49 34 54 37 50 4e 32 58 36 25 32 46 32 30 32 30 30 38 32 30 25 32 46 65 75 2d 63 65 6e 74 72 61 6c 2d 31 25 32 46 73 33 25 32 46 61 77 73 34 5f 72 65 71 75 65 73 74 26 58 2d 41 6d 7a 2d 44 61 74 65 3d 32 30 32 30 30 38 32 30 54 31 35 30 39 35 30 5a 26 58 2d 41 6d 7a 2d 45 78 70 69 72 65 73 3d 33 36 30 30 26 58 2d 41 6d 7a 2d 53 65 63 75 72 69 74 79 2d 54 6f 6b 65 6e 3d 46 77 6f 47 5a 58 49 76 59 58 64 7a 45 48 45 61 44 47 54 36 45 37 6e 4a 69 50 37 63 6a 58 76 42 55 53 4b 25 32 46 41 56 7a 58 41 4d 52 35 38 39 41 77 73 42 77 64 70 25 32 42 67 4c 59 67 44 75 76 72 72 6a 47 55 6a 42 66 35 51 25 32 46 30 31 55 44 31 4b 36 58 55 25 32 46 48 73 34 57 72 71 66 5a 31 4a 72 74 35 79 43 47 25 32 46 4e 46 64 76 6d 73 75 37 48 49 4e 51 5a 69 58 64 31 32 63 70 61 30 55 77 68 6d 25 32 42 31 43 68 4e 34 4c 25 32 46 47 25 32 46 70 48 46 74 71 52 53 65 35 43 49 6a 67 76 57 64 37 35 7a 46 49 61 74 78 53 25 32 42 64 43 4f 33 38 6a 62 6e 56 58 32 4d 5a 68 62 67 57 57 50 5a 44 58 6c 6d 6b 75 6c 49 79 57 68 56 77 52 61 32 34 46 57 65 52 55 56 47 50 74 4e 45 25 32 46 4f 69 76 79 4a 54 25 32 42 48 42 37 47 57 6d 59 39 46 59 74 41 66 45 49 77 53 33 63 6e 79 36 61 47 53 57 7a 30 52 6f 6c 6d 35 67 44 74 74 6e 39 39 57 62 74 31 30 34 55 5a 25 32 42 47 55 6e 34 72 44 59 38 30 53 75 63 53 76 53 65 31 4c 64 30 6b 35 41 5a 58 6a 4b 4b 25 32 42 6b 25 32 42 76 6b 46 4d 69 33 75 4a 79 37 53 35 59 43 55 7a 36 44 63 4c 77 38 36 4d 39 25 32 46 78 6d 32 49 35 48 31 4e 67 30 49 72 49 6c 4b 6d 37 66 38 34 4f 68 64 45 7a 69 73 75 49 72 42 49 37 46 31 6b 65 4b 4b 6b 25 33 44 26 58 2d 41 6d 7a 2d 53 69 67 6e 65 64 48 65 61 64 65 72 73 3d 68 6f 73 74 0a 68 6f 73 74 3a 69 62 69 7a 61 2d 64 65 76 2d 6d 75 6c 74 69 6d 65 64 69 61 2d 6c 69 6e 6b 73 2e 73 33 2e 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 0a 68 6f 73 74 0a 55 4e 53 49 47 4e 45 44 2d 50 41 59 4c 4f 41 44</CanonicalRequestBytes>
<RequestId>AFB93BEF1BD33E10</RequestId>
<HostId>XFIDaleLZhG5UkJjsg33Zk0vDP0HhwYiQFqhTI6CV6IAuvogGgJAQci9dZw1fJlBTIWnPyTL4NA=</HostId>
</Error>
:(
我的〜/ .aws / credentials就是这样
[default]
aws_access_key_id = AKIA3YIYYZRKCOUO6BOR
aws_secret_access_key = <secret>
和我的〜/ .aws / config
[default]
region = eu-central-1
output = json
s3 =
signature_version = s3v4
[profile SysAdmin_dev]
role_arn = arn:aws:iam::349663695057:role/SysAdmin
source_profile = default
region = eu-central-1
mfa_serial = arn:aws:iam::808042679380:mfa/amaury
我看到的唯一可疑的事情是我不知道ASIAVC2MUSDI4T7PN2X6访问密钥来自何处。这些文件中没有内容(环境变量中也没有)。
我需要进行哪些配置才能使其正常工作?
谢谢, 阿莫里
PS:我尝试直接使用其他用户,但没有成功为其配置s3 signature_version = s3v4:/
如您所见,生成的url中没有v4身份验证信息:
https://ibiza-dev-multimedia-links.s3.amazonaws.com/Total_Crime.csv?AWSAccessKeyId=AKIAVC2MUSDIV266HPU5&Signature=hQEWsKQOwUDYlbrmE3Ng3QETj7o%3D&Expires=1597942597
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)