我想知道是否可以将预先签名的网址与s3以外的其他aws服务一起使用。具体来说,boto3文档http://boto3.readthedocs.io/en/latest/reference/services/logs.html#CloudWatchLogs.Client.generate_presigned_url显示方法generate_presigned_url可用于cloudwatch日志。我尝试过以下方式使用它。
client = boto3.client(
'logs',
aws_access_key_id="<aws_access_key_id>",
aws_secret_access_key="<aws_secret_access_key>",
region_name='us-east-1'
)
url = client.generate_presigned_url(
ClientMethod='get_log_events',
Params={
'logGroupName':'<logGroupName>',
'logStreamName':'<logStreamName>'
},
ExpiresIn=180
)
url生成,但在尝试访问url时,我在浏览器中收到错误:
<InvalidSignatureException>
<Message>The request signature we calculated does not match the
signature you provided. Check your AWS Secret Access Key and signing
method. Consult the service documentation for details.</Message>
</InvalidSignatureException>
供参考,网址采用此格式(AWS签名版本4):
https://logs.us-east-1.amazonaws.com/
?logGroupName=<logGroupName>&logStreamName=<logStreamName>
?X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=<aws_access_key_id>%2F20130721%2Fus-east-
1%2Fs3%2Faws4_request
&X-Amz-Date=20180531T150510Z
&X-Amz-Expires=180
&X-Amz-SignedHeaders=content-type%3Bhost%3Bx-amz-target
&X-Amz-Signature=<signature-value>
如何访问此网址?我注意到这个url的格式与为s3生成的格式不同,后者使用相同的方法(即generate_presigned_url和get_objects)。有没有办法让Cloudwatch日志工作?