Downloading files from an AWS S3 bucket with temporary credentials in .NET

Time: 2017-10-26 14:15:57

Tags: c# .net amazon-web-services amazon-s3

I have a bucket on Amazon S3 and I have created an IAM user. Now I want to download files from the private bucket using temporary credentials.

This is my bucket policy:

{
    "Id": "Policy1509026195925",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1509026179419",
            "Action": [
                "s3:GetObject"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::test-folder/*",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::461567291450:user/john"
                ]
            }
        }
    ]
}

This is my C# .NET code:

using System;
using System.Net;
using Amazon;
using Amazon.Runtime;
using Amazon.S3;
using Amazon.S3.Model;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

// Bucket name taken from the Resource element of the bucket policy above
string bucketName = "test-folder";

ServicePointManager.Expect100Continue = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

try
{
    // In real applications, the following code is part of your trusted code. It has
    // your security credentials you use to obtain temporary security credentials.
    AmazonSecurityTokenServiceConfig config = new AmazonSecurityTokenServiceConfig();
    AmazonSecurityTokenServiceClient stsClient =
        new AmazonSecurityTokenServiceClient(config);

    GetFederationTokenRequest federationTokenRequest =
        new GetFederationTokenRequest();
    federationTokenRequest.Name = "testuser";
    // federationTokenRequest.Policy = "Policy1509026195925";
    federationTokenRequest.DurationSeconds = 7200;

    GetFederationTokenResponse federationTokenResponse =
        stsClient.GetFederationToken(federationTokenRequest);
    //FederatedUser federationTokenResult = federationTokenResponse.;
    Credentials credentials = federationTokenResponse.Credentials;

    SessionAWSCredentials sessionCredentials =
        new SessionAWSCredentials(credentials.AccessKeyId,
                                  credentials.SecretAccessKey,
                                  credentials.SessionToken);

    // The following will be part of your less trusted code. You provide temporary security
    // credentials so it can send authenticated requests to Amazon S3.
    // Create Amazon S3 client by passing in the basicSessionCredentials object.
    AmazonS3Client s3Client = new AmazonS3Client(sessionCredentials, Amazon.RegionEndpoint.USEast1);
    // Test. For example, send list object keys in a bucket.
    ListObjectsRequest listObjectRequest = new ListObjectsRequest();
    listObjectRequest.BucketName = bucketName;
    ListObjectsResponse response = s3Client.ListObjects(listObjectRequest);
}
catch (Exception ex)
{
    Console.WriteLine(ex.Message);
}

Every time I run the code I get an Access denied message. Why? How can I download files from the bucket using temporary credentials?

1 answer:

Answer 0 (score: 0)

You could try the following:

// stsClient is the AmazonSecurityTokenServiceClient from the question; roleArn is the ARN of the role to switch to
AssumeRoleResponse assumeRoleResult = stsClient.AssumeRole(new AssumeRoleRequest
{
    RoleArn = roleArn,
    RoleSessionName = "s3-download"
});
SessionAWSCredentials tempCredentials = new SessionAWSCredentials(
    assumeRoleResult.Credentials.AccessKeyId,
    assumeRoleResult.Credentials.SecretAccessKey,
    assumeRoleResult.Credentials.SessionToken);
AmazonS3Client s3Client = new AmazonS3Client(tempCredentials, RegionEndpoint.USEast1);

You need to call AssumeRole to obtain temporary security credentials, then use those credentials to call Amazon S3; see Switching to an IAM Role (API).

Reference: Using Temporary Security Credentials with the AWS SDKs
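As an added example (not code from the question or the answer), here is the complete AssumeRole flow with the AWS SDK for .NET, ending with an actual GetObject download instead of a bucket listing and handling the AccessDenied case the question runs into. The role ARN, bucket, key and output path are placeholders you supply; it assumes the role's trust policy already allows the calling IAM user to assume it and that the caller's long-lived keys are available through the SDK's default credential chain.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.S3;
using Amazon.S3.Model;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

public static class TempCredentialDownload
{
    // Assumes roleArn (placeholder), scopes the session to one object and downloads it; returns the ETag or null on AccessDenied.
    public static async Task<string> DownloadWithAssumedRoleAsync(
        string roleArn, string bucketName, string objectKey, string localPath)
    {
        // The long-lived IAM user keys come from the default credential chain
        // (environment, shared credentials file), never from source code.
        using var sts = new AmazonSecurityTokenServiceClient(RegionEndpoint.USEast1);
        var assumeRequest = new AssumeRoleRequest
        {
            RoleArn = roleArn,
            RoleSessionName = "s3-download-" + Environment.UserName,
            DurationSeconds = 900, // minimum lifetime: long enough for one download
            // Session policy: the effective permissions are the intersection of the
            // role's own policy and this one, so the token can only read this object.
            Policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\"," +
                     "\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::" +
                     bucketName + "/" + objectKey + "\"}]}"
        };
        Credentials c = (await sts.AssumeRoleAsync(assumeRequest)).Credentials;
        var sessionCredentials = new SessionAWSCredentials(
            c.AccessKeyId, c.SecretAccessKey, c.SessionToken);
        using var s3 = new AmazonS3Client(sessionCredentials, RegionEndpoint.USEast1);
        try
        {
            var getRequest = new GetObjectRequest { BucketName = bucketName, Key = objectKey };
            using GetObjectResponse response = await s3.GetObjectAsync(getRequest);
            await response.WriteResponseStreamToFileAsync(localPath, false, CancellationToken.None);
            return response.ETag;
        }
        catch (AmazonS3Exception ex) when (ex.ErrorCode == "AccessDenied")
        {
            // Either the role lacks s3:GetObject on this key or the bucket policy does
            // not grant it to the role; record the denied session name for the IAM review.
            Console.Error.WriteLine($"Access denied for {assumeRequest.RoleSessionName}: {ex.Message}");
            return null;
        }
    }
}
```

A bucket policy like the one in the question grants the IAM user, not the role session, so when switching to AssumeRole the bucket policy or the role's own identity policy must allow s3:GetObject for the role.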