我有一个 iOS 客户端,可以使用匿名 Cognito Identity 和 Amplify SDK 成功将文件上传到 S3。 现在我尝试使用 CLI 模拟相同的上传,但失败得很惨。 这就是我正在做的事情:
> aws cognito-identity get-id --identity-pool-id us-east-1:XXX-XXX
{
"IdentityId": "us-east-1:YYY-YYY"
}
> aws cognito-identity get-credentials-for-identity --identity-id "us-east-1:YYY-YYY" --region "us-east-1"
{
"IdentityId": "us-east-1:YYY-YYY",
"Credentials": {
"AccessKeyId": "KEY-KEY-KEY",
"SecretKey": "SECRET-SECRET-SECRET",
"SessionToken": "long session token here",
"Expiration": "2030-01-09T01:28:11+02:00"
}
}
> AWS_ACCESS_KEY_ID="KEY-KEY-KEY" AWS_SECRET_ACCESS_KEY="SECRET-SECRET-SECRET" aws s3 --region us-east-1 cp /tmp/txt.txt s3://my-public-bucket/txt.txt
upload failed: /tmp/txt.txt to s3://my-public-bucket/txt.txt An error occurred (InvalidAccessKeyId) when calling the PutObject operation: The AWS Access Key Id you provided does not exist in our records.
我得到的结果是
InvalidAccessKeyId
:The AWS Access Key Id you provided does not exist in our records.
密钥应该在使用前注册吗?我错过了什么?
找到了! 它还需要使用会话令牌,而不仅仅是密钥和秘密。所以,最后一条命令改成这样:
> AWS_ACCESS_KEY_ID="KEY-KEY-KEY" \
AWS_SECRET_ACCESS_KEY="SECRET-SECRET-SECRET"\
AWS_SESSION_TOKEN="long session token here"\
aws s3 --region us-east-1 cp /tmp/txt.txt s3://my-public-bucket/txt.txt