我正在尝试直接上传到s3。以前可以使用,但是它具有硬编码的凭据,我正尝试切换到从具有IAM角色的实例中检索的临时凭据。我正在测试的IAM角色具有完整的管理员权限。
我正在使用此库来生成签名:https://github.com/eddturtle/direct-upload
这是我的后端代码:
use Aws\Credentials\Credentials;
use Aws\Credentials\CredentialProvider;
use EddTurtle\DirectUpload\Signature;
$provider = CredentialProvider::defaultProvider();
$provider = CredentialProvider::memoize($provider);
$credentials = $provider()->wait();
$upload = new Signature($credentials->getAccessKeyId(), $credentials->getSecretKey(), $this->bucket, 'us-east-1', [
'default_filename' => '${filename}',
'content_type' => 'multipart/form-data',
'max_file_size' => '500',
'expires' => '+20 minutes',
]);
echo json_encode([
'url' => $upload->getFormUrl(),
'session_header' => $credentials->getSecurityToken(),
'inputs' => $upload->getFormInputs(),
]);
在前端,我传递所有表单输入,就像使用硬编码凭据时一样。区别在于我还在对亚马逊s3的POST请求中将session_header变量添加到x-amz-security-token头中(来自aws docs:https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html)
发出请求时,出现以下错误:
<Error>
<Code>
AccessDenied
</Code>
<Message>
No AWSAccessKey was presented.
</Message>
同样,如果我回过头来使用硬编码的凭据,而忽略了x-amz-security-token,一切都会正常。