我正在尝试使用aws-sdk为存储桶中的文件获取临时私有URL,但生成的URL在浏览器中为我提供了403。这是代码:
s3 = Aws::S3::Resource.new
bucket = s3.bucket('media.coolstuff.com')
obj = bucket.object('01.mp4')
obj.presigned_url(:get, expires_in: 3600, virtual_host: true)
返回:
=> "http://media.coolstuff.com:80/01.mp4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJ75FYMC7AZWUI52A%2F20151024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20151024T224953Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=3bb646db5a50848bdc227066c5ecc70ad249dd404b63b8b799363aa360f18ef6"
在浏览器中,此网址会显示403:
403 Forbidden
Code: AccessDenied
Message: Access Denied
使用的凭据属于具有AmazonS3FullAccess权限的组中的用户。
如何为可在网络浏览器中访问的对象生成预签名网址?
答案 0 :(得分:0)
以下代码对我有用,请注意us-east-1
S3_URL_EXPIRY = 3600 * 24 * 2
S3_SIGNED_URL_REGION = 'us-east-1'.freeze
s3 = Aws::S3::Resource.new(region: S3_SIGNED_URL_REGION, access_key_id: *access_key_id*, secret_access_key: *secret_access_key*)
obj = s3.bucket('media.coolstuff.com').object('01.mp4')
obj.presigned_url(:get, expires_in: S3_URL_EXPIRY, virtual_host: true)
*access_key_id*& *secret_access_key*是您的access_key_id& secret_access_key分别。