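I am trying to upload files to, and view them in, a completely private bucket.
Controller:
In the controller, I am calling the "Aws::S3::PresignedPost" function from the Ruby SDK v3 to generate the form data.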
@s3_direct_post = Aws::S3::PresignedPost.new(aws_config[:aws_credenciais], aws_config[:aws_bucket_region], aws_config[:aws_bucket], {
key: "#{empresa.companyname}/ordem_servico/#{Time.now.year}/#{@ordem_servico.id}/#{@ordem_servico.os_id}_v#{@ordem_servico.versao}/#{SecureRandom.uuid}/${filename}",
success_action_status: "201",
acl: 'public-read',
expires: (Time.now + 15.minutes)
})
Start of the form:
In the front-end form, I generate the hidden inputs from the variables produced by the SDK.
<form id="my-dropzone" action="https://bucket.s3.amazonaws.com" class="dropzone dz-clickable dz-started" enctype="multipart/form-data">
<input type="hidden" name="key" value="nucleusteste/ordem_servico/2019/180/4_v1/49147a65-ed8b-48c9-a198-7bd6b23c72d1/${filename}">
<input type="hidden" name="success_action_status" value="201">
<input type="hidden" name="acl" value="public-read">
<input type="hidden" name="Expires" value="Mon, 03 Jun 2019 17:18:54 GMT">
<input type="hidden" name="policy" value="...">
<input type="hidden" name="x-amz-credential" value="AKIB5FA2DLLLLOCVVI5Y/20190603/us-east-1/s3/aws4_request">
<input type="hidden" name="x-amz-algorithm" value="AWS4-HMAC-SHA256">
<input type="hidden" name="x-amz-date" value="20190603T170354Z">
<input type="hidden" name="x-amz-signature" value="e3670b80d0e09e77ee07971a60235b18a2181fd34ff901a334f9ed2222fece45">
</form>
AWS S3 CORS:
In the bucket's settings section, I created a CORS configuration that accepts PUT, POST and DELETE only from my site, and leaves viewing of the files open.
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>https://mysite.herokuapp.com</AllowedOrigin>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
</CORSRule>
</CORSConfiguration>
Bucket policy:
{
"Version": "2012-10-17",
"Id": "Policy1559567062776",
"Statement": [
{
"Sid": "Stmt1559567058183",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::test...."
}
]
}
AWS user policy:
I created an IAM user with "AmazonS3FullAccess", and I also created the following rule and assigned it to that user.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutAccountPublicAccessBlock",
"s3:GetAccountPublicAccessBlock",
"s3:ListAllMyBuckets",
"s3:ListJobs",
"s3:CreateJob",
"s3:HeadBucket"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::*"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::*/*"
}
]
}
The response is always the same:
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message>
<RequestId>2EBDDD1ED051EB93</RequestId>
<HostId>jULDSNHGX7L8W67duCAwdUjssSBp6eSuYlQR4xlfwTovOaMCkLAOUSJhM9g4o1w1WdSWAZfn+vg=</HostId>
</Error>
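
An added example, not part of the original question: a Ruby check (standard library only) that reads the bucket policy, the user policy and the "acl" form field shown above and flags the settings that contradict a "completely private" bucket. The policy documents are constructed, trimmed copies with the bucket name replaced by the placeholder EXAMPLE-BUCKET, and the function and finding names are hypothetical.

```ruby
require 'json'

# Constructed, trimmed copies of the question's policies; EXAMPLE-BUCKET is a placeholder.
BUCKET_POLICY = <<~JSON
  {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:*",
     "Resource": "arn:aws:s3:::EXAMPLE-BUCKET"}]}
JSON
USER_POLICY = <<~JSON
  {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::*"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::*/*"}]}
JSON
FORM_FIELDS = { 'acl' => 'public-read', 'success_action_status' => '201' }.freeze

# Canned ACLs that grant access to the AllUsers or AuthenticatedUsers groups.
PUBLIC_ACLS = %w[public-read public-read-write authenticated-read].freeze

# True when the statement's Principal matches every caller.
def public_principal?(principal)
  return true if principal == '*'
  principal.is_a?(Hash) && principal.values.any? { |v| Array(v).include?('*') }
end

# Returns one finding (hypothetical names) per risky Allow statement.
def audit_policy(json)
  statements = [JSON.parse(json).fetch('Statement')].flatten
  statements.each_with_object([]) do |st, findings|
    next unless st['Effect'] == 'Allow'
    broad = Array(st['Action']).any? { |a| ['*', 's3:*'].include?(a) }
    if public_principal?(st['Principal']) && st['Condition'].nil?
      findings << (broad ? :public_full_access : :public_access)
    elsif broad && Array(st['Resource']).any? { |r| r.end_with?('*') }
      findings << :overbroad_identity_grant
    end
  end
end

# With Block Public Access (BlockPublicAcls) enabled, S3 rejects uploads
# that request one of these ACLs.
def audit_form(fields)
  PUBLIC_ACLS.include?(fields['acl']) ? [:public_acl_requested] : []
end

if __FILE__ == $PROGRAM_NAME
  puts "bucket policy: #{audit_policy(BUCKET_POLICY).inspect}"
  puts "user policy:   #{audit_policy(USER_POLICY).inspect}"
  puts "upload form:   #{audit_form(FORM_FIELDS).inspect}"
end
```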