使用S3前缀策略。 Cognito用户。 Getobject返回权限被拒绝

时间:2016-11-01 01:40:37

标签: javascript amazon-web-services amazon-iam amazon-cognito

我无法使用凭据AWS.config.credentials =新AWS.CognitoIdentityCredentials使用S3进行getobject。我能够成功列出对象。但是,我无法进行getobject。请帮我。从很多个小时开始就在这方面苦苦挣扎。 这个问题与Similar question类似,但他没有得到任何答案。 使用政策:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "mobileanalytics:PutEvents",
                "cognito-sync:*",
                "cognito-identity:*"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::sailesh-test"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "${cognito-identity.amazonaws.com:sub}/*"
                    ]
                }
            }
        },
        {
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:*"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::sailesh-test/${cognito-identity.amazonaws.com:sub}/*"
            ]
        }
    ]
}

Javascript代码: 这是我的javascript代码。这是客户端代码。所以,我没有改变价值观。 

var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);
    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
            console.log('access token + ' + result.getAccessToken().getJwtToken());
            AWS.config.region = 'us-east-1';
            AWS.config.credentials = new AWS.CognitoIdentityCredentials({
                IdentityPoolId : 'us-east-1:2a3a8b94-7eda-48ee-9541-1fb01f579475', 
                Logins : {
                    'cognito-idp.us-east-1.amazonaws.com/us-east-1_MsXMDEqlB' : result.getIdToken().getJwtToken()
                }
            });
            AWS.config.update({region: 'us-east-1'});
            console.log(result);
            var cognitoidentity = new AWS.CognitoIdentity();
            var params = {
                IdentityPoolId: 'us-east-1:2a3a8b94-7eda-48ee-9541-1fb01f579475',
                Logins: {
                    'cognito-idp.us-east-1.amazonaws.com/us-east-1_MsXMDEqlB' : result.getIdToken().getJwtToken()
                }
            };
            cognitoidentity.getId(params, function(err, data) {
                if (err) console.log(err, err.stack); // an error occurred
                else     console.log(data);           // returns us-east-1:5fe83d89-f0ef-42fa-a64a-4b1720f4e9da
            });
            var s3 = new AWS.S3();
            var params = {
                Bucket: 'sailesh-test', /* required */
                Key: 'us-east-1:5fe83d89-f0ef-42fa-a64a-4b1720f4e9da/sung.txt'
            };
            s3.getObject(params, function(err, data) {
                if (err) console.log(err, err.stack); // an error occurred
                else     console.log(data);           // successful response
            });
            s3.listObjects({Bucket: 'sailesh-test'}, function(err, data) {
                if (err) console.log(err);
                else console.log(data);
            });
            /*var ec2 = new AWS.EC2();
            var params = {
                ImageId: 'ami-c481fad3',
                MaxCount: 1,
                MinCount: 1,
                DryRun: true
            };
            ec2.runInstances(params, function(err, data) {
                if (err) console.log(err, err.stack); // an error occurred
                else     console.log(data);           // successful response
            });*/

        },

        onFailure: function(err) {
            alert(err);
        }

0 个答案:

没有答案
相关问题
最新问题