我有一个静态网站,在UI上,我从S3存储桶中托管的HTML表单中获取存储桶名称和对象名称。单击按钮后,这些参数随后通过POST发送到API网关,然后将其转发到Lambda。然后,Lambda将根据这些参数生成一个预签名URL,并将其发送回UI。当我从Lambda生成URL时,它可以工作,但是当我尝试通过UI生成的URL访问对象时,访问被拒绝。这是我存储对象的存储桶策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PresignedPermissions",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12345678:role/accessS3"
},
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::testEXAMPLEbucket/*"
]
}
]
}
我的存储对象的存储桶的CORS配置。
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Lambda代码:
'use strict';
const AWS = require('aws-sdk');
const s3 = new AWS.S3()
exports.handler = (event, context, callback) => {
// TODO implement
var params = {
'Bucket' : event['bucketName'],
'Key' : event['objectName'],
'Expires' : event['expiration']
};
s3.getSignedUrl('getObject', params, (error, url) => {
if (error) {
callback(error);
} else {
callback(null, {url: url});
}
});
};
HTML脚本代码:
var API_ENDPOINT_POST = "https://***.**-api.us-east-1.**.com/prod/"
//AJAX POST REQUEST
document.getElementById("getURL").onclick = function(){
var inputData = {
"bucketName":$('#bucketName').val(),
"objectName":$('#objectName').val(),
"expiration":$('#expiration').val()
};
$.ajax({
url: API_ENDPOINT_POST,
type: 'POST',
data: JSON.stringify(inputData) ,
contentType: 'application/json; charset=utf-8',
success: function (response) {
document.getElementById("showURL").value = response.url;
},
error: function () {
alert("error");
}
});
}
Lambda中使用的角色具有FULLS3ACCESS。我已经阅读了大多数帖子,并根据它们进行了更改,但是它们都没有帮助。如果我有任何遗漏,请告诉我。我真的很感激。