cURL and S3 GET

Time: 2016-09-21 03:11:53

Tags: curl amazon-s3

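I am trying to figure out what I need to supply in order to perform a GET on an S3 object that is encrypted using server-side encryption with a KMS key. When I try to cURL my test document, I get the following error:

Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.

Update: adding the result of curl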

$ curl -v https://s3-us-west-2.amazonaws.com/rkbtest/check.png
*   Trying 54.231.185.12...
* Connected to s3-us-west-2.amazonaws.com (54.231.185.12) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.s3-us-west-2.amazonaws.com
* Server certificate: DigiCert Baltimore CA-2 G2
* Server certificate: Baltimore CyberTrust Root
> GET /rkbtest/check.png HTTP/1.1
> Host: s3-us-west-2.amazonaws.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< x-amz-request-id: 2DECE9C69BDB8F0F
< x-amz-id-2: bs8xGSbAHksE2mSb/+r4AG3B9RlRTODasFyr5S3jMU2sNA7eJTEQr0dJTro5P2QKLRuMQtGw6tk=
< x-amz-region: us-west-2
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Wed, 21 Sep 2016 15:26:13 GMT
< Connection: close
< Server: AmazonS3
<
<?xml version="1.0" encoding="UTF-8"?>
* Closing connection 0
<Error><Code>InvalidArgument</Code><Message>Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>null</ArgumentValue><RequestId>2DECE9C69BDB8F0F</RequestId><HostId>bs8xGSbAHksE2mSb/+r4AG3B9RlRTODasFyr5S3jMU2sNA7eJTEQr0dJTro5P2QKLRuMQtGw6tk=</HostId></Error>

1 answer:

Answer 0 (score: 2)

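To download the file with curl, you need to define the following authentication header:

Authorization: AWS AWSAccessKeyId:Signature

The Amazon S3 REST API uses the standard HTTP Authorization header to pass authentication information.

Developers are issued an AWS access key ID and AWS secret access key when they register. For request authentication, the AWSAccessKeyId element identifies the access key ID that was used to compute the signature and, indirectly, the developer making the request.

The Signature element is the RFC 2104 HMAC-SHA1 of selected elements from the request, and so the Signature part of the Authorization header will vary from request to request.

Example GET request: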

GET /photos/puppy.jpg HTTP/1.1
Host: johnsmith.s3.amazonaws.com
Date: Tue, 27 Mar 2007 19:36:42 +0000
Authorization: AWS AKIAIOSFODNN7EXAMPLE:bWq2s1WEIj+Ydj0vQ697zp+IXMU=

Example PUT request:

PUT /photos/puppy.jpg HTTP/1.1
Content-Type: image/jpeg
Content-Length: 94328
Host: johnsmith.s3.amazonaws.com
Date: Tue, 27 Mar 2007 21:15:45 +0000
Authorization: AWS AKIAIOSFODNN7EXAMPLE:MyyxeRY7whkBe+bq8fHCL/2kKUg=

Source: Signing and Authenticating REST Requests

Or you should use the aws command, for example:

aws s3 cp s3://rkbtest/check.png ./

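Before that, you need to configure the AWS Signature Version

Signature Version 4, the protocol for authenticating inbound API requests to AWS services, in all AWS regions.

For example: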

aws configure set default.s3.signature_version s3v4

Or for a specific profile:

aws configure set profile.<profilename>.s3.signature_version s3v4

Source: aws/aws-cli/issues/1006 at GitHub