升级到3.0 PHP sdk,这可能是一个错误,因为它打破了一切。
我试图创建一个sts客户端,但它一直出现错误
Error executing "GetFederationToken" on "https://sts.amazonaws.com"; AWS HTTP error: Client error: 403 SignatureDoesNotMatch (client): Credential should be scoped to a valid region, not 'us-west-1'. - <ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Credential should be scoped to a valid region, not 'us-west-1'. </Message>
</Error>
<RequestId>604fe518-2381-11e5-8b68-471c4b83f798</RequestId>
</ErrorResponse>
PHP代码
$config = \Config::get('shared_config');
$sdk = new \Aws\Sdk($config);
$sts = $sdk->createSts();
$result = $sts->getFederationToken(array(
'Name' => 'appuser',
'DurationSeconds' => 3600,
'Policy' => json_encode(array(
'Statement' => array(
array(
'Sid' => 'randomstatementid' . time(),
'Action' => array('s3:PutObject'),
'Effect' => 'Allow',
'Resource' => 'arn:aws:s3:::' . \Config::get('aws_bucket'),
)
)
))
));
其中$ config是
的数组array(
'region' => 'us-west-1',
'version' => 'latest',
'debug'=>true,
'credentials'=>array(
'key' => 'XXX',
'secret' => 'XXX',
)
因此该区域显然已设置且us-west-1为有效区域 https://docs.aws.amazon.com/general/latest/gr/rande.html
文档非常糟糕,但https://docs.aws.amazon.com/aws-sdk-php/v3/guide/getting-started/basic-usage.html#using-the-sdk-class就是我的追随者
并创建一个客户端 https://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.Sdk.html 请参阅方法createSts
我也可以成功地使用具有相同凭据的s3客户端并执行命令。
$config = \Config::get('shared_config');
$sdk = new \Aws\Sdk($config);
$s3 = $sdk->createS3();
答案 0 :(得分:0)
在endpoint以外的任何区域使用STS时,您需要指定us-east-1参数。这尚未在v3中记录,但可以在v2 docs上找到。
请注意,在使用之前,您需要在控制台中手动启用us-east-1以外的任何端点。这种限制是STS独有的。