PHP AWS SDK |如何使用自定义域创建签名URL

时间:2018-04-22 09:33:31

标签: php laravel amazon-s3 aws-sdk amazon-cloudfront

我在PHP中使用AWS SDK与Laravel框架。这是我的代码

$cloudFront = new CloudFrontClient([
    'region'  => env('AWS_REGION'),
    'version' => 'latest'
]);

$path = "R180417XXXX.mp4"

$resourceURL = "https://dbk93n3xxxxxx.cloudfront.net/" . $path;
$expires = Carbon::now()->addMinutes(5)->timestamp;

$signedUrlCannedPolicy = $cloudFront->getSignedUrl([
    'url'         => $resourceURL,
    'expires'     => $expires,
    'private_key' => base_path('pk-APKAI2PXXXXXXXXXXXXX.pem'),
    'key_pair_id' => 'APKAI2PXXXXXXXXXXXXX',
]);

此代码正常运行,但网址如下所示

https://dbk93n3xxxxxx.cloudfront.net/R180417XXXX.mp4?Expires=1524389577&Signature=RmBDMqM4SMadsQstrgVpUiLoJ50dvKoxNI081Joa7WjSg5eelziQqtDrcs~klbDHvs7rMaq2McfHUQijrcLe7F9tDbn7oOxEC4kfPPCMbhqqjtBWavPmM8Zv8QhH50dPuNHwnEj4pIGUpm9FmAvDhCSExCv0uBMWUREJ9YKQJFHZcPJyKBtjPcJVzIGpnj2bQn3xNGO5AUlutsyeSWUqdvtNOLb3xurgx4WzcVotgB~BZo-bQxo3ieXFbKWAPQXMPl93YpuX5W10l4YtYPULrAtJVQZKUIFcfifnECnqg~IgtbkFbyLdM5e87ZiC837Hj-AphmlEshnY-MHWyEU24g__&Key-Pair-Id=APKAI2PXXXXXXXXXXXXX

但我只是在CloudFront中设置CNAME,如server1.domain.tld我希望签名的网址显示为

https://server1.domain.tld/R180417XXXX.mp4?Expires=1524389577&Signature=RmBDMqM4SMadsQstrgVpUiLoJ50dvKoxNI081Joa7WjSg5eelziQqtDrcs~klbDHvs7rMaq2McfHUQijrcLe7F9tDbn7oOxEC4kfPPCMbhqqjtBWavPmM8Zv8QhH50dPuNHwnEj4pIGUpm9FmAvDhCSExCv0uBMWUREJ9YKQJFHZcPJyKBtjPcJVzIGpnj2bQn3xNGO5AUlutsyeSWUqdvtNOLb3xurgx4WzcVotgB~BZo-bQxo3ieXFbKWAPQXMPl93YpuX5W10l4YtYPULrAtJVQZKUIFcfifnECnqg~IgtbkFbyLdM5e87ZiC837Hj-AphmlEshnY-MHWyEU24g__&Key-Pair-Id=APKAI2PXXXXXXXXXXXXX

我已尝试将$resourceURL更改为

$resourceURL = "https://server1.domain.tld/" . $path;

它不起作用。

它是响应状态代码403,我已设置Origin Access Identity我不知道为什么不工作

这是我的Amazon S3 Policy

{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2OP22ZEXXXXXX"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::server1.domain.tld/*"
        }
    ]
}

请帮忙......

由于

1 个答案:

答案 0 :(得分:0)

在Route53中,您的tld需要一个托管区域,并且需要一个CNAME类型的记录集,它是Cloudfront分发的别名。

以下是要遵循的步骤:

  • 在证书管理器中为 domain.tld server1.domain.tld 创建证书。

  • 编辑您的Cloudfront分发设置,并将分发的SSL证书设置为自定义分发。 Set SSL Certificate for Distribution

  • 确保您的通讯组列表的备用域名(CNAME) server1.domain.tld

List Alternate Domain Names for Distribution