Brightcove AWS S3上传返回Coldfusion中的InvalidAccessKeyId

时间:2017-07-24 13:14:10

标签: amazon-web-services amazon-s3 coldfusion

<Error>
    <Code>InvalidAccessKeyId</Code>
    <Message>The AWS Access Key Id you provided does not exist in our records.</Message>
    <AWSAccessKeyId>ASIAJSDFW27523RELDJA</AWSAccessKeyId>
    <RequestId>22F0A23F675424D0</RequestId>
    <HostId>3ozDoKHMzf00wlsdfA0hsdfWDrzy21c0xqxwOwd1BJo8MqSouPZU</HostId>
</Error>

对于accessKeyID,我使用GET返回的值access_key_id到https://ingest.api.brightcove.com/v1/accounts/ {ACCOUNT_ID} / videos / {VIDEO_ID} / upload-urls / {SOURCE_NAME}

由于我想使用多部分上传,因此我遵循了以下网址提供的指南。 http://blog.tcs.de/coldfusion-amazon-s3-upload-via-form-post-example/ https://aws.amazon.com/items/1434?externalID=1434

使用https://github.com/joedanz/cf-amazon-s3

中的s3.cfc

对于政策:

{"expiration": {add 1 day to now}",
    "conditions": [
        {"bucket": bucket-name-from-brightcove},
        ["starts-with", "$key", "uploads/"],
        {"acl": "authenticated-read"},
        {"success_action_redirect": "my-server-redirect-url"},
        ["starts-with", "$Content-Type", "#mData.fileType#"],
        ["content-length-range", 0, #mData.fileSize#]
    ]
}

我的CF代码:

rStruct['policy'] = ToBase64(s3policy);
s3 = createObject("component", 's3').init('access_key_id-from-brightcove','secret_access_key-from-brightcove');
rStruct['signature'] = s3.createSignature(rStruct['policy']);
rStruct['auth'] = 'authenticated-read';
rStruct['s3URL'] = 'https://bucket-name-from-brightcove.s3.amazonaws.com/';   
rStruct['s3redirectURL'] = 'my-server-redirect-url';  

我的表单如下:(我用jquery替换隐藏的字段值)

<form name="dlgform" id="dlgform" method="post" enctype="multipart/form-data" action="" target="submitDialog_submitFrame">
    <input type="hidden" name="key" id="key" value="uploads/${filename}">
    <input type="hidden" name="AWSAccessKeyId" id="AWSAccessKeyId" value="access_key_id-from-brightcove">
    <input type="hidden" name="acl" id="acl" value="authenticated-read">
    <input type="hidden" name="success_action_redirect" id="success_action_redirect" value="">
    <input type="hidden" name="policy" id="policy" value="rStruct['policy']">
    <input type="hidden" name="signature" id="signature" value="rStruct['signature']">
    <input type="hidden" name="Content-Type" id="Content-Type" value="file-content-type">
     File: <input type="file" name="file" />
    <input type="submit" name="submit" value="Upload to Amazon S3" />
</form>

1 个答案:

答案 0 :(得分:1)

以字符ASIA开头的访问密钥ID与来自STS的临时凭证相关联,并始终具有必须嵌入由这些凭据签名的任何请求中的X-Amz-Security-Token

如果请求中未嵌入此令牌,AWS端点甚至无法识别访问密钥ID,并且预计会出现does not exist in our records错误。

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html

此错误与签名版本4无关。它还会影响签名版本2,这是问题中的代码所使用的。