在 AWS S3 存储桶上上传文件 [android studio]

Question

我正在尝试将文件从 android studio 上传到 AWS S3 Bucket。我创建了一个新的 AWS 账户。这似乎是验证/授权代码问题。有人可以帮忙找出根本原因吗？如何解决？

如果需要更多详细信息，请告诉我。

谢谢，

存储桶策略：

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject"

            ],
            "Resource": "arn:aws:s3:::mybucket/*"
        }
    ]
}

调试日志中的警告：

D/CognitoCachingCredentialsProvider﹕ Loading credentials from SharedPreferences
D/CognitoCachingCredentialsProvider﹕ No valid credentials found in SharedPreferences
I/AmazonHttpClient﹕ Unable to execute HTTP request: Read timed out
    java.net.SocketTimeoutException: Read timed out
            at com.android.org.conscrypt.NativeCrypto.SSL_read(Native Method)
            at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:674)
            at com.android.okio.Okio$2.read(Okio.java:113)
            at com.android.okio.RealBufferedSource.indexOf(RealBufferedSource.java:147)
            at com.android.okio.RealBufferedSource.readUtf8LineStrict(RealBufferedSource.java:94)
            at com.android.okhttp.internal.http.HttpConnection.readResponse(HttpConnection.java:175)
            at com.android.okhttp.internal.http.HttpTransport.readResponseHeaders(HttpTransport.java:101)
            at com.android.okhttp.internal.http.HttpEngine.readResponse(HttpEngine.java:616)
            at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:379)
            at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:323)
            at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponseMessage(HttpURLConnectionImpl.java:487)
            at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.getResponseMessage(DelegatingHttpsURLConnection.java:109)
            at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getResponseMessage(HttpsURLConnectionImpl.java:25)
            at com.amazonaws.http.UrlHttpClient.execute(UrlHttpClient.java:62)
            at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:353)
            at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:196)
            at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4234)
            at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1644)
            at com.amazonaws.mobileconnectors.s3.transfermanager.internal.UploadCallable.uploadInOneChunk(UploadCallable.java:134)
            at com.amazonaws.mobileconnectors.s3.transfermanager.internal.UploadCallable.call(UploadCallable.java:126)
            at com.amazonaws.mobileconnectors.s3.transfermanager.internal.UploadMonitor.upload(UploadMonitor.java:182)
            at com.amazonaws.mobileconnectors.s3.transfermanager.internal.UploadMonitor.call(UploadMonitor.java:140)
            at com.amazonaws.mobileconnectors.s3.transfermanager.internal.UploadMonitor.call(UploadMonitor.java:54)
            at java.util.concurrent.FutureTask.run(FutureTask.java:237)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
            at java.lang.Thread.run(Thread.java:818)

代码：

// Variables Values:
private static final String AWS_ACCOUNT_ID = "078xxxxxxx91";
    private static final String COGNITO_POOL_ID = "eu-west-1:9xxxxx16-4xx2-4xxa-axx1-44cxxxxxxxf5";
    private static final String COGNITO_ROLE_UNAUTH = "arn:aws:iam::078xxxxxxx91:role/Cognito_ABCUnauth_Role";
    private static final String BUCKET_NAME = "mybucket";

   private void uploadImagesToServer() {
        Thread thread = new Thread(new Runnable() {
            @Override
            public void run() {
                try {
                    AWSCredentialsProvider credProvider = null;
                    credProvider = getCredProvider(credProvider, getApplicationContext());
                    TransferManager transferManager = new TransferManager(credProvider);
            for(int i=0; i<imagesPath.size(); i++) {
                File file = new File(imagesPath.get(i));
                String fileName = file.getName();
                Upload upload = transferManager.upload(BUCKET_NAME, fileName, file);                        
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
});
thread.start();
}

public static AWSCredentialsProvider getCredProvider(AWSCredentialsProvider sCredProvider,
                                                     Context appContext) {
    if(sCredProvider == null) {
        sCredProvider = new CognitoCachingCredentialsProvider(
                appContext,
                AWS_ACCOUNT_ID, COGNITO_POOL_ID, COGNITO_ROLE_UNAUTH,
                null, Regions.EU_WEST_1);
        sCredProvider.refresh();
    }
    return sCredProvider;
}

Answer 1

日志显示Request ARN is invalid。这是因为COGNITO_ROLE_UNAUTH 是一个空字符串。请从 IAM 获取角色 arn，或从控制台复制示例代码。

然后你会看到Not authorized to perform sts:AssumeRoleWithWebIdentity 异常。当凭据提供程序向 STS 请求代入您为会话凭据指定的角色，但您的角色未设置为信任 Cognito 时，就会发生这种情况。

从名称来看，该角色是由您创建的，而不是 Cognito 在控制台中生成的。我相信你忘记了信任关系。转到 IAM 控制台，编辑角色，一直向下滚动，然后单击编辑信任关系。确保您具有以下内容（将池 id 替换为您的 Cognito 身份池 id）。

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "us-east-1:<pool_id>"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "unauthenticated"
        }
      }
    }
  ]
}