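I have set up the following information:
AccessDenied
Access Denied
I have obtained the signed URL from the process above:
image.png?policy=XXXXX@signature=XXX@Key-Pair-Id=XXXXXXX
But I cannot access that URL.
Sample JSON of the CloudFront policy: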
{
    "Statement": [{
        "Resource": "XXXXXXXXXX.cloudfront.net/standard/f7cecd92-5314-4263-9147-7cca3041e69d.png",
        "Condition": {
            "DateLessThan": {
                "AWS:EpochTime": 1555021200
            },
            "IpAddress": {
                "AWS:SourceIp": "0.0.0.0/0"
            },
            "DateGreaterThan": {
                "AWS:EpochTime": 1554848400
            }
        }
    }]
}
Bucket policy added for CloudFront:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXXXXXXX"
            },
            "Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::bucket_name/*"
        },
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXXXXXXX"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::bucket_name"
        }
    ]
}
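The AccessDenied error you are seeing is not related to the steps you mentioned. The origin access identity allows CloudFront to access S3 as a special user using SigV4; with the steps above, you will see the allow statement added to the bucket policy.
If the error came from S3, you would see 2 request IDs, the host ID and the request ID, along with Access Denied.
If you see Access Denied for image.png?policy=xxxxx@signature=xxx@Key-Pair-Id=XXXXXXX, the error is in the CloudFront signed URL (restricted viewer access).
To find the error in the generated CloudFront signed URL, try base64-decoding the policy value and check whether the resource URL, the expiry time and so on are correct.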
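
The check suggested in the answer above, as an added example that is not part of the original answer: it undoes CloudFront's URL-safe base64 substitutions, decodes the policy, and compares the Resource and the time window with the requested URL. The function names are hypothetical, the domain, signature and key-pair values are constructed placeholders, and the IpAddress condition is not evaluated.

```python
import base64
import json
import re
import time
from urllib.parse import parse_qsl, urlsplit

def decode_policy(value):
    """Undo CloudFront's URL-safe substitutions (- for +, _ for =, ~ for /) and parse the JSON."""
    std = value.replace("-", "+").replace("_", "=").replace("~", "/")
    return json.loads(base64.b64decode(std))

def encode_policy(policy):
    """Inverse of decode_policy, used here only to build the constructed sample."""
    raw = base64.b64encode(json.dumps(policy).encode()).decode()
    return raw.replace("+", "-").replace("=", "_").replace("/", "~")

def check_signed_url(url, now=None):
    """Return a list of problems found in the custom policy carried by a signed URL."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    params = {k.lower(): v for k, v in parse_qsl(parts.query)}
    problems = [f"missing query parameter {p}"
                for p in ("Policy", "Signature", "Key-Pair-Id") if p.lower() not in params]
    if "policy" not in params:
        return problems
    stmt = decode_policy(params["policy"])["Statement"][0]
    cond = stmt.get("Condition", {})
    # Resource may use * and ? wildcards; compare it with the URL minus its query string.
    base = f"{parts.scheme}://{parts.netloc}{parts.path}"
    pattern = re.escape(stmt.get("Resource", "")).replace(r"\*", ".*").replace(r"\?", ".")
    if not re.fullmatch(pattern, base):
        problems.append(f"Resource {stmt.get('Resource')!r} does not match {base!r}")
    expires = cond.get("DateLessThan", {}).get("AWS:EpochTime")
    if expires is None or now >= expires:
        problems.append(f"expired or no DateLessThan: {expires} (now {now})")
    starts = cond.get("DateGreaterThan", {}).get("AWS:EpochTime")
    if starts is not None and now < starts:
        problems.append(f"not valid yet: DateGreaterThan {starts} (now {now})")
    return problems

# Constructed sample: placeholder domain and signature, epoch values in the shape of the policy above.
SAMPLE_POLICY = {"Statement": [{
    "Resource": "https://example.cloudfront.net/standard/*.png",
    "Condition": {"DateLessThan": {"AWS:EpochTime": 1555021200},
                  "DateGreaterThan": {"AWS:EpochTime": 1554848400}}}]}
SAMPLE_URL = ("https://example.cloudfront.net/standard/image.png?Policy="
              + encode_policy(SAMPLE_POLICY) + "&Signature=CONSTRUCTED&Key-Pair-Id=CONSTRUCTED")
if __name__ == "__main__":
    print("\n".join(check_signed_url(SAMPLE_URL)))
```

Pass `now` explicitly to test a URL against a specific moment; an empty list means the decoded policy is consistent with the requested URL at that time.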