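node.js - Access denied when uploading an image to AWS S3
Problem description
I am trying to upload an image to my S3 bucket, but I get the error "AccessDenied: Access Denied at Request.extractError". The dev NodeJS server runs on an EC2 instance. Surprisingly, the image upload works when I run the server on localhost. The same credentials are used on the local server and the dev server, and the IAM user has both administrator permissions and the AmazonS3FullAccess permission. The S3 bucket does not have any policy, and objects in the bucket can be public.
Here is my NodeJS code for uploading the image.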
const AWS = require('aws-sdk');

// Credentials and region are read from environment variables.
AWS.config.update({
  accessKeyId: process.env.AWS_ACCESS_KEY_ID,
  secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
  region: process.env.AWS_REGION
});
const S3 = new AWS.S3();

module.exports = {
  // Uploads the file under the key `title` and requests a public-read object ACL.
  uploadImage: async (title, file, mime) => {
    return await S3.upload({
      Bucket: process.env.AWS_S3_IMAGES,
      Key: title,
      Body: file,
      ACL: "public-read",
      ContentType: mime
    }).promise();
  },
};
Here is the error I get.
AccessDenied: Access Denied\n at Request.extractError (/home/ec2-user/backend/node_modules/aws-sdk/lib/services/s3.js:700:35)\n at Request.callListeners(/home/ec2-user/backend/node_modules/aws-sdk/lib/sequential_executor.js:106:20)\n at Request.emit (/home/ec2-user/backend/node_modules/aws-sdk/lib/sequential_executor.js:78:10)\n at Request.emit (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:688:14)\n at Request.transition (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:22:10)\n at AcceptorStateMachine.runTo (/home/ec2-user/backend/node_modules/aws-sdk/lib/state_machine.js:14:12)\n at /home/ec2-user/backend/node_modules/aws-sdk/lib/state_machine.js:26:10\n at Request. <anonymous> (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:38:9)\n at Request.<anonymous> (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:690:12)\n at Request.callListeners (/home/ec2-user/backend/node_modules/aws-sdk/lib/sequential_executor.js:116:18)\n at Request.emit (/home/ec2-user/backend/node_modules/aws-sdk/lib/sequential_executor.js:78:10)\n at Request.emit (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:688:14)\n at Request.transition (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:22:10)\n at AcceptorStateMachine.runTo (/home/ec2-user/backend/node_modules/aws-sdk/lib/state_machine.js:14:12)\n at /home/ec2-user/backend/node_modules/aws-sdk/lib/state_machine.js:26:10\n at Request.<anonymous> (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:38:9)\n at Request.<anonymous> (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:690:12)\n at Request.callListeners (/home/ec2-user/backend/node_modules/aws-sdk/lib/sequential_executor.js:116:18)\n at callNextListener (/home/ec2-user/backend/node_modules/aws-sdk/lib/sequential_executor.js:96:12)\n at IncomingMessage.onEnd (/home/ec2-user/backend/node_modules/aws-sdk/lib/event_listeners.js:313:13)\n at IncomingMessage.emit (events.js:387:35)\n at IncomingMessage.emit 
(domain.js:470:12)
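I have been trying to solve this problem for the last few days but could not find any clue. It would be great if any of you could point me in the right direction.
Thanks in advance.
Solution
Apply the following policy in the bucket policy editor under S3 console > "Permissions".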
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "editor",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<IAM-user-ID>:user/testuser"
      },
      "Action": [
        "s3:ListBucket",
        "s3:ListBucketVersions",
        "s3:GetBucketLocation",
        "s3:Get*",
        "s3:Put*",
        "s3:Delete*"
      ],
      "Resource": [
        "arn:aws:s3:::bucket/*",
        "arn:aws:s3:::bucket"
      ]
    },
    {
      "Sid": "editor2",
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    }
  ]
}
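Because the upload call in the question sends `ACL: "public-read"`, S3 authorizes `s3:PutObjectAcl` in addition to `s3:PutObject`; the `s3:Put*` entry in the policy above covers both. The following is an added example, not code from the original post: a simplified offline check of which of those actions a bucket policy grants to a given principal. The function names, account ID, object key and the cut-down policy are constructed for illustration.

```javascript
// Added example: offline, simplified check of what a bucket policy grants.
// Principals are compared as exact ARN strings. Not evaluated: Condition,
// NotAction/NotResource, IAM identity policies, Block Public Access settings.
const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM-style wildcard match: '*' is any run of characters, '?' exactly one.
function wildcardMatch(pattern, value, ignoreCase) {
  const body = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp(`^${body}$`, ignoreCase ? 'i' : '').test(value);
}

function statementApplies(stmt, principalArn, action, resourceArn) {
  const principals = stmt.Principal === '*' ? ['*'] : toArray((stmt.Principal || {}).AWS);
  return principals.some((p) => p === '*' || p === principalArn) &&
    toArray(stmt.Action).some((a) => wildcardMatch(a, action, true)) &&
    toArray(stmt.Resource).some((r) => wildcardMatch(r, resourceArn, false));
}

// S3 authorizes s3:PutObjectAcl in addition to s3:PutObject when an ACL is sent.
const requiredActions = (params) =>
  (params.ACL ? ['s3:PutObject', 's3:PutObjectAcl'] : ['s3:PutObject']);

// Required actions the policy does not allow; an explicit Deny always wins.
function missingActions(policy, principalArn, params) {
  const resourceArn = `arn:aws:s3:::${params.Bucket}/${params.Key}`;
  return requiredActions(params).filter((action) => {
    const hits = toArray(policy.Statement)
      .filter((s) => statementApplies(s, principalArn, action, resourceArn));
    return hits.some((s) => s.Effect === 'Deny') || !hits.some((s) => s.Effect === 'Allow');
  });
}

// Constructed sample values: account ID, user name, bucket name and key.
const USER = 'arn:aws:iam::111122223333:user/testuser';
const upload = { Bucket: 'bucket', Key: 'cat.png', ACL: 'public-read' };
const policyWith = (actions) => ({
  Version: '2012-10-17',
  Statement: [{ Sid: 'editor', Effect: 'Allow', Principal: { AWS: USER },
    Action: actions, Resource: ['arn:aws:s3:::bucket/*', 'arn:aws:s3:::bucket'] }],
});

console.log(missingActions(policyWith(['s3:Get*', 's3:Put*']), USER, upload));
console.log(missingActions(policyWith(['s3:PutObject']), USER, upload));
```

A request signed by any principal other than the one named in the policy, such as a role, matches no statement here, so both actions are reported as missing.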