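So I've been stuck on this problem for quite a while now. I've been trying to set up private access to S3 resources using CloudFront signed URLs, but I keep getting the following in return.
Request: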
GET /index.html?Expires=1483228800&Signature=lhsrX7PhDWB55DUgv4kWHE9iAn1oamnus3RfDvb~X3EEAGwoEPLcMpXho~Pss2gSDTSUDFRSllZfvV3EOlOQMhixY9D036nx0rMYsqiSnl09jgKypVZGYcVVlPFqr-8~h2fduC2QjDjakMicM1TvQehCAat1cZGh1bp68KZQKO5iBiyw52xkYyvkVdUjN1l1m0W6-dnTWEOZWQIOlIX6bV8l0GHUwOpwjeQA28-bA2X7wwGeAXvYkGs5YIamBWi98O-z44vXq8k4o1d8Ce8WqLCRdoHbC6WHgOvrx9uhDQwzXIYq2u1OboJe3i8ojWKwKcGYUoR-TbBbcz3Idzfflw__&Key-Pair-Id=APKAI5QZNATBCXWPT7LA HTTP/1.1
Host: d6x4svdsauc7c.cloudfront.net
Cache-Control: no-cache
Response:
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access denied</Message></Error>
content-length →110
content-type →text/xml
date →Mon, 21 Nov 2016 15:51:13 GMT
server →CloudFront
status →403
via →1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
x-amz-cf-id →rbSd5kfPq3fn0TbI-asrdZcweOFubqVqhEl28AytWgrva6wZiJZclQ==
x-cache →Error from cloudfront
Request:
GET /8994c9b6-933e-4016-a5bd-cc6c9720b170/9ccc0c6e-e1c5-4448-91a6-7899f2ebc67a.jpeg?Expires=1483228800&Signature=LreSylF4zpo3ZxXSzShTl44emepfLGHyHssSC0GvPf99TDDwytAWk4l8NtPteyU-cY679nZPFIIVtijshP99hs5kmpNyqqH~24pfE681bPLsQ8~~YeKVNmY5otgr6Ov2FYFWpR5i5uH6weja494isQsoe~2hk6-2ryqCowrKFrO2XyAjNfsP3A~VPT3REGlOL3LcA3A4rbK1H2VL9f8HVxmaL56qny7S4uXAfNaMWhEXuxFyZIaFIAotaVNYxNW5265vwUWPxcUvG4dib7YW2ZzfaEHbNngjbLJBzO~4jjAz8bw-Tj~LX45bF2gSN-JLXdESthyiI8plg65a758gPQ__&Key-Pair-Id=APKAI5QZNATBCXWPT7LA HTTP/1.1
Host: d6x4svdsauc7c.cloudfront.net
Cache-Control: no-cache
Response:
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access denied</Message></Error>
content-length →110
content-type →text/xml
date →Mon, 21 Nov 2016 15:53:15 GMT
server →CloudFront
status →403
via →1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
x-amz-cf-id →93RY4Sv7dQgsFBMJG8UOEOXKhq06kc6MgpqueR_NeHyl3916kH5gwQ==
x-cache →Error from cloudfront
My bucket policy looks like this; I have removed my bucket name and Origin Access Identity ID:
{
    "Version": "2012-10-17",
    "Id": "Policy1479136763703",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity myidhere"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3::mybucket/*"
        }
    ]
}
As you can see, I'm always getting a 403 back. When I turn off signed URLs it all works as expected. I'm using Python to sign the URLs. My code is almost identical to the sample code found here. Any help would be greatly appreciated!
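
A diagnostic for requests like the two above, added here as an example and not taken from the original post or from AWS sample code: it splits a canned-policy signed URL into its parts and rebuilds the exact policy string the signer must have hashed, so the scheme, host, path and expiry can be compared against what the signing code used. The function names, the placeholder domain and key pair ID, and the filler signature bytes are assumptions constructed for the example.

```python
import base64
import json
import time
from urllib.parse import urlsplit, urlunsplit

CF_PARAMS = ("Expires", "Signature", "Key-Pair-Id")
# CloudFront swaps the base64 characters that are unsafe in a query string.
TO_STD_B64 = str.maketrans("-_~", "+=/")


def inspect_signed_url(url, now=None):
    """Split a canned-policy signed URL into the pieces that must line up."""
    now = time.time() if now is None else now
    parts = urlsplit(url)
    cf, rest = {}, []
    for pair in filter(None, parts.query.split("&")):
        name, _, value = pair.partition("=")
        if name in CF_PARAMS:
            cf[name] = value
        else:
            rest.append(pair)  # application parameters belong to the signed resource
    missing = [p for p in CF_PARAMS if p not in cf]
    if missing:
        raise ValueError("missing CloudFront parameters: " + ", ".join(missing))
    expires = int(cf["Expires"])
    resource = urlunsplit((parts.scheme, parts.netloc, parts.path, "&".join(rest), ""))
    # Canned policy: fixed key order, no whitespace.
    policy = json.dumps(
        {"Statement": [{"Resource": resource,
                        "Condition": {"DateLessThan": {"AWS:EpochTime": expires}}}]},
        separators=(",", ":"))
    sig = base64.b64decode(cf["Signature"].translate(TO_STD_B64), validate=True)
    return {"resource": resource, "policy": policy, "expired": expires <= now,
            "key_pair_id": cf["Key-Pair-Id"], "signature_bits": len(sig) * 8}


def sample_url():
    # Constructed input: placeholder domain and key pair ID, filler signature bytes.
    sig = base64.b64encode(bytes(range(256))).decode().translate(str.maketrans("+=/", "-_~"))
    return ("https://dexample.cloudfront.net/index.html?v=1&Expires=1483228800"
            "&Signature=" + sig + "&Key-Pair-Id=APKAEXAMPLEKEYPAIRID")


if __name__ == "__main__":
    # now = 2016-11-21 15:51:13 UTC, the Date header of the first response above
    print(inspect_signed_url(sample_url(), now=1479743473))
```

The `policy` value is the byte string an RSA-SHA1 canned-policy signature covers; if the signing code hashed a different scheme, host, path or expiry, the signature will not verify for this URL.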