1. 首页
  2. 问答
  3. Lambda:亚马逊s3直接上传错误签名不匹配

Lambda:亚马逊s3直接上传错误签名不匹配

2016-12-30 144 views
0

我想通过使用预先签名的URL将图像文件上传到AWS s3存储桶,但是出现屏幕截图中显示的错误,我按照帖子从这页s3 direct file upload,我想知道我正在犯什么错误,并且我想知道这是服务器端问题,还是应该使用一些不同的方法向“预先签名的”URL发出放入请求,谢谢。Lambda:亚马逊s3直接上传错误签名不匹配

Error I'm Getting on Postman

我serverless.yml

service: my-service-api 

provider: 
    name: aws 
    runtime: nodejs4.3 
    stage: dev 
    region: us-east-1 
    iamRoleStatements: 
    - Effect: "Allow" 
     Action: 
     - "dynamodb:*"   
     Resource: "*" 
    - Effect: "Allow" 
     Action: 
     - "s3:*"   
     Resource: "arn:aws:s3:::profile-images/*" 

custom: 
    globalResultTtlInSeconds: 1 

package: 
    individually: true 
    include: 
    - node_modules/mysql/** 
    - node_modules/bluebird/** 
    - node_modules/joi/** 
    exclude: 
    - .git/** 
    - .bin/** 
    - tmp/** 
    - api/** 
    - node_modules/** 
    - utils/** 
    - package.json 
    - npm_link.sh 
    - templates.yml 

functions: 
    profiles: 
    handler: api/profiles/handler.profiles 
    events: 
     - http: 
      method: POST 
      path: api/profiles/uploadURL 
      cors: true 
      integration: lambda 
      request: ${file(./templates.yml):request} 
      authorizer: 
      arn: arn:aws:lambda:us-east-1:000000000000:function:customAuthorizer 
      resultTtlInSeconds: ${self:custom.globalResultTtlInSeconds} 
      identitySource: method.request.header.Authorization 
    package: 
     include: 
     - api/profiles/** 
     - node_modules/node-uuid/** 
     - node_modules/jsonwebtoken/** 
     - node_modules/rand-token/**   

resources: 
    Resources: 
    UploadBucket: 
     Type: AWS::S3::Bucket 
     Properties: 
     BucketName: profile-images 
     AccessControl: PublicRead 
     CorsConfiguration: 
      CorsRules: 
      - AllowedMethods: 
      - GET 
      - PUT 
      - POST 
      - HEAD 
      AllowedOrigins: 
      - "*" 
      AllowedHeaders: 
      - "*" 
    IamPolicyInvokeLambdaFunction: 
     Type: AWS::IAM::Policy  
     Properties: 
     PolicyName: "lambda-invoke-function" 
     Roles: 
      - {"Ref" : "IamRoleLambdaExecution"} 
     PolicyDocument: 
      Version: '2012-10-17' 
      Statement:    
       - Effect: Allow 
       Action: 
        - "lambda:InvokeFunction" 
       Resource: "*"

我处理程序文件

var s3Params = { 
       Bucket: 'profile-images', 
       Key: image.name, 
       ACL: 'public-read' 
      }; 

s3.getSignedUrl('putObject', s3Params, function (err, url){ 
     if(err){ 
      console.log('presignedURL err:',err); 
      context.succeed({error: err}); 
     } 
     else{ 
      console.log('presignedURL: ',url); 
      context.succeed({uploadURL: url});           
     }      
    });

来源

2016-12-30 Balkrishna

+1

为什么你需要上传一个标识的URL一些帮助lambda函数中的图像。或者,您可以使用Lambda函数运行的角色有权访问S3存储桶,这应该足够了 – Rajesh

+0

谢谢@Rajesh,您可以为我提供一些示例吗?这将有助于我理解 – Balkrishna

+0

@Rajesh检查链接的博客文章。这里的目标似乎是使用由“服务器”生成的实际上是同步Lambda函数的预签名URL,从网页拖放/上传到S3。从Lambda上传文件不适用。 –

回答

1

花更多的时间在这个问题后,我意识到,这是不是在服务器端,但问题问题在提出要求。我需要为我的PUT请求设置标题,因为当AWS s3收到任何请求时,它会检查该请求的签名与标题,因此如果在创建preSignedURL时设置“ContentType”或“ACL”,则必须提供“Content-在你的请求中键入'和'x-amz-acl'。

这是我更新“s3Params”

var s3Params = { 
       Bucket: 'profile-images', 
       Key: image.name, 
       ACL: 'public-read', 
       ContentType: image.type 
      };

这是我的要求 Updated request headers screenshot

最后我得到了这个职位set headers for presigned PUT s3 requests

来源

2016-12-31 09:17:11 Balkrishna

相关问题

 相关问题