Lambda:亚马逊s3直接上传错误签名不匹配

时间:2016-12-30 08:25:26

标签: node.js amazon-web-services amazon-s3 aws-lambda pre-signed-url

我想使用预先签名的网址将图像文件上传到AWS s3存储桶,但是我在屏幕截图中显示错误,我已经关注了此页面中的帖子{{3}我想知道我犯了什么错误,而且我想知道这是否是服务器方面的问题,或者我应该使用一些不同的方法来制作请求预先签名'网址,谢谢。

s3 direct file upload

我的serverless.yml 

service: my-service-api

provider:
  name: aws
  runtime: nodejs4.3
  stage:  dev
  region: us-east-1
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "dynamodb:*"        
      Resource: "*"
    - Effect: "Allow"
      Action:
        - "s3:*"        
      Resource: "arn:aws:s3:::profile-images/*"   

custom:
  globalResultTtlInSeconds: 1

package:
  individually: true
  include:
    - node_modules/mysql/**
    - node_modules/bluebird/**
    - node_modules/joi/**
  exclude:
    - .git/**
    - .bin/**
    - tmp/**
    - api/**
    - node_modules/**
    - utils/**
    - package.json
    - npm_link.sh
    - templates.yml

functions:
  profiles:
    handler: api/profiles/handler.profiles
    events:
      - http:
          method: POST
          path: api/profiles/uploadURL
          cors: true
          integration: lambda
          request: ${file(./templates.yml):request}  
          authorizer: 
            arn: arn:aws:lambda:us-east-1:000000000000:function:customAuthorizer
            resultTtlInSeconds: ${self:custom.globalResultTtlInSeconds}
            identitySource: method.request.header.Authorization
    package:
      include:
        - api/profiles/**
        - node_modules/node-uuid/**
        - node_modules/jsonwebtoken/**
        - node_modules/rand-token/**          

resources:
  Resources:
    UploadBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: profile-images
        AccessControl: PublicRead
        CorsConfiguration:
          CorsRules:
          - AllowedMethods:
            - GET
            - PUT
            - POST
            - HEAD
            AllowedOrigins:
            - "*"
            AllowedHeaders:
            - "*"   
    IamPolicyInvokeLambdaFunction:
      Type: AWS::IAM::Policy     
      Properties: 
        PolicyName: "lambda-invoke-function"
        Roles:
          - {"Ref" : "IamRoleLambdaExecution"}
        PolicyDocument:
          Version: '2012-10-17'
          Statement:            
              - Effect: Allow
                Action: 
                  - "lambda:InvokeFunction"
                Resource: "*"

我的处理程序文件

var s3Params = {
                Bucket: 'profile-images',
                Key: image.name,
                ACL: 'public-read'
            };

 s3.getSignedUrl('putObject', s3Params, function (err, url){
       if(err){
          console.log('presignedURL err:',err);
          context.succeed({error: err});
       }
       else{
          console.log('presignedURL: ',url);
          context.succeed({uploadURL: url});                                           
       }                    
  });

1 个答案:

答案 0 :(得分:1)

在这个问题上花了更多时间之后,我意识到这在服务器端并不是问题,但问题在于提出请求。我需要为我的PUT请求设置标头,因为当AWS s3收到任何请求时,它会检查该请求的签名与标头的签名,因此如果您要设置“内容类型”,那么或者' ACL'在创建preSignedURL时,您必须提供' Content-Type'和' x-amz-acl'在你的请求中。

这是我更新的' s3Params' 

var s3Params = {
                Bucket: 'profile-images',
                Key: image.name,
                ACL: 'public-read',
                ContentType: image.type
            };

这是我的要求 Updated request headers screenshot

最后,我从这篇文章中获得了一些帮助set headers for presigned PUT s3 requests

相关问题
最新问题