amazon-web-services - API Gateway S3 集成签名与空白文件夹名称不匹配
问题描述
我想从 API Gateway 端点访问 S3 存储桶中的文件。
我已使用密钥将文件上传到 S3 存储桶:(path//filename.txt
注意空子文件夹名称是故意的)
但是,当我发出以下 HTTP 请求时:
curl -X GET 'https://api.cloud/v1/files/filename.txt'
集成失败并返回 XML 错误。API 网关日志状态:
Received response. Status: 403, Integration latency: 8 ms
Endpoint response body before transformations:
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
...
</Error>
我一生都无法弄清楚我错过了什么。
我是否不允许将 API 网关集成到密钥中包含空文件夹的 S3 对象?
我已经使用 CloudFormation 部署了 S3 存储桶,以下是一些相关部分:
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
MyBucket:
Type: 'AWS::S3::Bucket'
Properties:
PublicAccessBlockConfiguration:
BlockPublicAcls: true
BlockPublicPolicy: true
IgnorePublicAcls: true
RestrictPublicBuckets: true
CorsConfiguration:
CorsRules:
- AllowedHeaders: ['*']
AllowedMethods: [GET,PUT]
AllowedOrigins: ['*']
ExposedHeaders: [Date]
Id: CORSRules
MaxAge: 3600
BucketReadRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- apigateway.amazonaws.com
Action: 'sts:AssumeRole'
Policies:
- PolicyName: bucket-read
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- 's3:GetObject'
Resource: !Join
- '/'
- - !GetAtt MyBucket.Arn
- '*'
我已经使用以下集成配置了 API 网关(注意%2F
空子文件夹名称的帐户):
paths:
/files/{filename}:
get:
parameters:
- in: path
name: filename
required: true
schema:
type: string
x-amazon-apigateway-integration:
credentials:
Fn::Sub: ${BucketReadRole.Arn}
uri:
Fn::Sub:
- arn:${AWS::Partition}:apigateway:${AWS::Region}:s3:path/${MyBucket}/path/%2F{filename}
- MyBucket:
Fn::ImportValue: MyBucket
responses:
default:
statusCode: "200"
responseParameters:
method.response.header.Content-Length: "integration.response.header.Content-Length"
method.response.header.Content-Type: "integration.response.header.Content-Type"
method.response.header.ETag: "integration.response.header.ETag"
requestParameters:
integration.request.path.filename: "method.request.path.filename"
passthroughBehavior: "when_no_match"
httpMethod: "GET"
type: "aws"
解决方案
推荐阅读
- c - 在没有 strlen 的情况下确定哪个 char * 最短
- reactjs - Emacs,在 React 尖括号中向前和向后
- javascript - 是否可以更改已定义的 href
- php - user_type 模型当我尝试使用它时 registerusers.php 我没有找到 Class 'app\user_type'
- c# - 初始化属性、if 中的 null 检查或合并哪个更有效?
- php - mysql LEFT JOINS 在页面上不起作用
- azure - Azure 区块链:在 VS 代码中构建合同命令给出错误
- ruby-on-rails - 如何在多态场景中获取关联记录
- javascript - ReduxForm 只有一种方式
- garmin - Garmin-Watchface:如何显示心率?