我已经从aws educate创建了aws帐户。我正在尝试将图片上传到AWS s3。但是我收到访问被拒绝的错误。
代码:
const multer = require('multer');
const multerS3 = require('multer-s3');
const config = require('../config');
// NOTE(review): `aws` is never required in the visible snippet. Presumably a
// `require('aws-sdk')` line was lost; confirm against the original file.
//
// A static access-key pair is read from the project's config module (not shown
// here). Every S3 call made below is signed with it, so an "Access Denied" from
// S3 reflects what the IAM identity behind these keys is allowed to do.
const awsSettings = {
  accessKeyId: config.AWS_ACCESS_KEY_ID,
  secretAccessKey: config.AWS_SECRET_ACCESS_KEY,
  region: 'us-east-1',
};
aws.config.update(awsSettings);

// S3 client shared by the upload storage engine configured further down.
const s3 = new aws.S3();
/**
 * multer `fileFilter` hook: lets an upload through only when its declared MIME
 * type is JPEG or PNG, and rejects everything else with an Error.
 *
 * Security note: `file.mimetype` is taken from the multipart request, so it is
 * whatever the client declared. Nothing here inspects the file's bytes, so this
 * is a convenience filter rather than proof that the content is an image.
 *
 * @param {object} req - incoming request (unused).
 * @param {{mimetype: string}} file - multer file descriptor.
 * @param {function(Error|null, boolean): void} cb - multer accept/reject callback.
 */
const fileFilter = (req, file, cb) => {
  const allowedTypes = ['image/jpeg', 'image/png', 'image/jpg'];

  if (!allowedTypes.includes(file.mimetype)) {
    cb(new Error('Invalid file type, only JPEG and PNG is allowed!'), false);
    return;
  }

  cb(null, true);
};
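/**
 * multer instance whose storage engine (multer-s3) writes each accepted file
 * into the `acc-partner` bucket using the shared `s3` client.
 *
 * NOTE(review): no `limits` option is passed, so multer applies no upload size
 * cap here; consider setting `limits.fileSize` for this endpoint.
 */
const upload = multer({
  fileFilter,
  storage: multerS3({
    // Objects are written with a private ACL. Because an ACL is sent along with
    // the upload, the IAM identity may need s3:PutObjectAcl in addition to
    // s3:PutObject. Verify against the policy attached to the access key.
    acl: 'private',
    s3,
    bucket: 'acc-partner',
    // Fixed placeholder metadata attached to every stored object.
    metadata: function (req, file, cb) {
      cb(null, {
        fieldName: 'TESTING_METADATA',
      });
    },
    key: function (req, file, cb) {
      // A bare millisecond timestamp is not unique: two uploads landing in the
      // same millisecond would share a key and the later write would silently
      // replace the earlier object. Keep the timestamp prefix and append a
      // random suffix so keys do not collide.
      const { randomBytes } = require('crypto');
      cb(null, `${Date.now()}-${randomBytes(8).toString('hex')}`);
    },
  }),
});

module.exports = upload;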
const express = require('express');
const router = express.Router();
const UserCtrl = require('../controllers/user');
const upload = require('../services/image-upload');
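// multer middleware that handles one file from the multipart field named "image".
const singleUpload = upload.single('image');

/**
 * POST /image-upload
 *
 * Runs UserCtrl.authMiddleware first, then hands the request to multer.
 * Responds with `{ imageUrl }` on success, or with HTTP 422 and an `errors`
 * array when the upload fails or no file was sent.
 */
router.post('/image-upload', UserCtrl.authMiddleware, function (req, res) {
  singleUpload(req, res, function (err) {
    if (err) {
      // err.message is passed through to the client as-is, which is why a
      // storage-side failure such as S3's "Access Denied" shows up in the
      // response body.
      return res.status(422).send({ errors: [{ title: 'Image Upload Error', detail: err.message }] });
    }

    // multer leaves req.file undefined when the request has no "image" part;
    // without this guard, reading req.file.location would throw.
    if (!req.file) {
      return res.status(422).send({ errors: [{ title: 'Image Upload Error', detail: 'No image file was provided.' }] });
    }

    return res.json({ imageUrl: req.file.location });
  });
});

module.exports = router;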
Postman 返回的错误:
{
"errors": [
{
"title": "Image Upload Error",
"detail": "Access Denied"
}
]
}
答案 0 :(得分:0)
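这是因为您尚未设置存储桶的公共策略(如我在AWS截图中所见)。尝试将您的存储桶策略设置为公共(单击“存储桶策略”按钮)。请注意:下面的策略只授予 s3:GetObject,即允许任何人读取该存储桶中的所有对象;它并不授予上传所需的 s3:PutObject 权限,而且与代码中 acl: 'private' 的设置意图相反。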
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::acc-partner/*"
}
]
}
您可以在https://awspolicygen.s3.amazonaws.com/policygen.html处使用策略生成器。
答案 1 :(得分:0)
您为其生成访问密钥的IAM用户没有对要放入映像的s3存储桶的PUT访问权限。
对于与您的配置文件中指定的访问密钥相关联的用户,请转到IAM仪表板,并创建具有以下权限的新策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
}
]
}
要进一步将请求限制为仅来自ec2服务器的那些PUT请求,请转到ec2仪表板,保留静态ip地址,然后改用以下策略(注意:示例中的 /16 前缀会匹配包含 65,536 个地址的整个网段;若只想允许单个静态 IP,应使用 /32):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "YOUR_STATIC_IP_ADDRESS/16"
}
}
}
]
}
完成后,将新策略附加到IAM控制台中的用户。
答案 2 :(得分:0)
您需要设置策略以允许您的IAM用户(示例中具有AWS_SECRET_ACCESS_KEY和AWS_ACCESS_KEY_ID的用户)上传数据。
该策略应如下所示(由于其中包含 Principal 元素,它属于存储桶策略,需要设置在存储桶上):
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:PutObject",
"s3:PutObjectAcl"
],
"Principal": {
"AWS": [
"arn:aws:iam::123exampleaccountID:user/Jane"
]
},
"Resource":"arn:aws:s3:::acc-partner/*"
}
]
}
这样做是为了允许您的IAM用户向该存储桶上传对象(您应将 arn:aws:iam::123exampleaccountID:user/Jane 替换为您的IAM用户ARN)。