AWS API Gateway端点经过身份验证的文件上传POST请求签名不匹配

Question

当前正在使用客户端Angular 6前端应用程序，该应用程序正在使用已启用IAM授权的AWS API Gateway终端节点，以上传具有关联元数据的文件以最终驻留在S3存储桶中。

应用javascript正在使用FormData对象封装文件对象和元数据，并通过Angular HttpClient API和aws-sign-web执行HTTP POST请求以进行SigV4请求标头签名。在对AWS API Gateway进行POST请求调用时，我目前遇到问题，该消息指出已签名的请求不匹配，并从AWS收到以下错误消息； “我们计算出的请求签名与您提供的签名不匹配。请检查您的AWS Secret Access密钥和签名方法。”

注意：在未启用IAM授权的情况下，文件上传POST请求可以正常工作。

以下是Angular签名请求代码的片段：

onSubmit() {

    // clear response messages to hide as necessary
    this.response_message = '';
    this._err.message = '';
    const dataUrl: string = this.baseUrl + '/api/UploadDB/Post';

    // disable submit button
    this.disableSubmit = true;
    this.sort_id = this.getSortID();
    const currentFile: string = this.buildFileName();

    // append file and parameters to form
    const uf = this.upload_file.nativeElement;
    if (uf.files && uf.files[0]) {

        const file = uf.files[0];

        // check file extension to verify .htm/.html
        if (this.checkFileType(file.name)) {

            const formData: FormData = new FormData();
            formData.append('file', file, currentFile);
            formData.append('sortid', this.sort_id);

            // set HTTP headers from aws-sign-web utility
            const headers = this.AWSService.CreateAWSSignedPostRequest(dataUrl, 'POST', formData, this._AuthCredentials.AccessKeyId,
                                                this._AuthCredentials.SecretAccessKey, this._AuthCredentials.SessionToken);

            // set request headers
            const req_options = {
                headers: headers

            };

            this.http.post(dataUrl, formData, req_options).subscribe(
                response => {
                    this.response_message = 'The following file ' + file.name + ' was published successfully.';

                    // clear form
                    this.uploadForm.reset();
                    this.upload_file.nativeElement.value = '';

                    // reset the file browser select label
                    this.upload_file_label = this.upload_file_default_label_msg;

                },
                error => {

                    this._err = <Error>error.json();

                    // re-enable submit after error response
                    this.disableSubmit = false;
                }
            );

        } else {
            // invalid file type return error message
            // tslint:disable-next-line:max-line-length
            this._err.message = 'errmessage;
            this.disableSubmit = false;
        }
    } else {
        // there was a problem with the selected file prior to upload
        this._err.message = 'errmessage';
        this.disableSubmit = false;
}

public CreateAWSSignedPostRequest(dataURL: string, method: string, formData: 
                               any, accessKeyID: string,
    secretAccessKey: string, sessionToken: string): HttpHeaders {

    // declare variables
    let headers: HttpHeaders = new HttpHeaders();


    // set aws config parameter
    const config: Config = {
        region: environment.region,
        service: 'execute-api',
        accessKeyId: accessKeyID,
        secretAccessKey: secretAccessKey,
        sessionToken: sessionToken
    };

    // create aws-sign-web object
    const signer = new AwsSigner(config);

    // declare aws-sign-web request object
    const request = {
        method: method,
        url: dataURL,
        body: formData
    };

    // sign aws request
    const signed = signer.sign(request);

    console.log(signed);

    // loop through signed request objects and map to Headers list object
    for (const attribute in signed) {
        if (signed[attribute]) {
            headers = headers.append(attribute, signed[attribute]);
        }
    }

    return headers;

}

在解决此签名请求不匹配问题上，我们将提供任何帮助，以将HTTP POST请求与文件multipart / form-data发送到API Gateway。