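Access denied for ListObjects with AWS STS and the S3 client

Question  Votes: 0  Answers: 1

I can't access AWS S3 with the ListObjects method through the Security Token Service.

The documentation states that a bucket and its objects can be private, and that we can use AWS STS to obtain temporary credentials to access S3 objects.

I'm trying to create a graphics server. I have a separate service that you can query. During the response, my plan is to use AWS STS to expose the images in my S3 bucket.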

use Aws\Sts\StsClient;
use Aws\S3\S3Client;
use Aws\S3\Exception\S3Exception;

$bucket = 'bucket_name';


// the security credentials that you use to obtain temporary security credentials.
$stsClient = StsClient::factory(array(
    'credentials' => array(
        'secret'    => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
        'key' => 'YYYYYYYYYYYYYYYYYYYYYYYYY'
    ),
    'region'=>'us-east-1',
    'version'=>'latest'
));




// Fetch the federated credentials.
$sessionToken = $stsClient->getFederationToken([
    'Name'              => 'IAM-Username',
    'DurationSeconds'    => '3600',
    'PolicyName'         => 'my-policy'
]);

// The following will be part of your less trusted code. You provide temporary
// security credentials so the code can send authenticated requests to Amazon S3.

$s3 = new S3Client([
    'region' => 'us-east-1',
    'version' => 'latest',
    'credentials' => [
        'key'    => $sessionToken['Credentials']['AccessKeyId'],
        'secret' => $sessionToken['Credentials']['SecretAccessKey'],
        'token'  => $sessionToken['Credentials']['SessionToken']
    ]
]);
print_r($sessionToken);
echo "<br/>";
echo "<br/>";
try {
    $result = $s3->listObjects([
        'Bucket' => $bucket
    ]);
} catch (S3Exception $e) {
    echo $e->getMessage() . PHP_EOL;
}

I expected a list of S3 object keys. Instead, I get an error message:

Error executing "ListObjects" on "https://s3.amazonaws.com/bucket_name?encoding-type=url"; AWS HTTP error: Client error: GET https://s3.amazonaws.com/bucket_name?encoding-type=url resulted in a 403 Forbidden response: AccessDeniedAccess Denied AccessDenied (client): Access Denied - AccessDeniedAccess DeniedXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]

php amazon-s3 http-status-code-403 aws-sts
1 Answer
0
votes

Found my answer. I was calling the wrong method.

I changed this:

$sessionToken = $stsClient->getFederationToken([
    'Name'              => 'IAM-Username',
    'DurationSeconds'    => '3600',
    'PolicyName'         => 'my-policy'
]);

to this:

$sessionToken = $stsClient->getSessionToken([
    'Name'              => 'ats-graphics-server-user',
    'DurationSeconds'    => '3600',
    'PolicyName'         => 'ats-graphics-server-s3-policy'
]);

Using getSessionToken instead of getFederationToken, which is obvious.
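
An added example, not code from the question or the answer: GetFederationToken takes an inline session policy in its `Policy` parameter, and a federated session issued without any session policy carries no permissions, so this version passes a policy limited to listing and reading the one bucket. The bucket name comes from the question; the federated name `graphics-viewer`, the Composer autoload path, and an IAM user's long-term keys being available through the SDK's default credential chain are assumptions.

```php
<?php
// Added example; assumes the AWS SDK for PHP v3 installed via Composer.
require 'vendor/autoload.php';

use Aws\Sts\StsClient;
use Aws\S3\S3Client;
use Aws\S3\Exception\S3Exception;

$bucket = 'bucket_name'; // bucket name from the question

// Session policy: the temporary credentials get at most these permissions,
// and only where the calling IAM user's own policies also allow them.
function buildSessionPolicy(string $bucket): string
{
    return json_encode([
        'Version'   => '2012-10-17',
        'Statement' => [
            ['Effect' => 'Allow', 'Action' => 's3:ListBucket',
             'Resource' => "arn:aws:s3:::{$bucket}"],
            ['Effect' => 'Allow', 'Action' => 's3:GetObject',
             'Resource' => "arn:aws:s3:::{$bucket}/*"],
        ],
    ], JSON_UNESCAPED_SLASHES);
}

// Assumption: long-term IAM user keys come from the default provider chain
// (environment or shared credentials file), not hard-coded in source.
$sts = new StsClient(['region' => 'us-east-1', 'version' => 'latest']);

$federated = $sts->getFederationToken([
    'Name'            => 'graphics-viewer', // hypothetical federated user name
    'DurationSeconds' => 3600,
    'Policy'          => buildSessionPolicy($bucket),
]);

// Less trusted code receives only the scoped temporary credentials.
$s3 = new S3Client([
    'region' => 'us-east-1', 'version' => 'latest',
    'credentials' => [
        'key'    => $federated['Credentials']['AccessKeyId'],
        'secret' => $federated['Credentials']['SecretAccessKey'],
        'token'  => $federated['Credentials']['SessionToken'],
    ],
]);

try {
    foreach ($s3->listObjectsV2(['Bucket' => $bucket])['Contents'] ?? [] as $object) {
        echo $object['Key'] . PHP_EOL;
    }
} catch (S3Exception $e) {
    echo $e->getAwsErrorCode() . ': ' . $e->getMessage() . PHP_EOL;
}
```

The calling IAM user needs `sts:GetFederationToken` plus the same S3 actions in its own policies, since the session's effective permissions are the overlap of the two.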
