允许我的 Amazon Cognito 用户上传到 S3 上的特定文件夹

Question

我想让我的移动用户能够使用 Amazon Cognito 直接上传到 S3。

如果我替换以下内容：

"Resource": ["arn:aws:s3:::blinq-test/${cognito-identity.amazonaws.com:sub}/*"]

与：

"Resource": ["arn:aws:s3:::blinq-test/*"]

一切正常，移动用户可以将数据上传到存储桶。 问题是我希望每个用户都有自己的文件夹。

这是我附加到已验证用户池的角色策略：

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["s3:ListBucket"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::blinq-test"],
      "Condition": {"StringLike": {"s3:prefix": ["${cognito-identity.amazonaws.com:sub}/*"]}}
    },
    {
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::blinq-test/${cognito-identity.amazonaws.com:sub}/*"]
    }
  ]
}

使用上述方法 - 我收到以下错误：

04-13 11:27:35.754  23269-24251/com.blinq I/AmazonHttpClient﹕ Unable to execute HTTP request: Write error: ssl=0x98cdf200: I/O error during system call, Connection reset by peer
javax.net.ssl.SSLException: Write error: ssl=0x98cdf200: I/O error during system call, Connection reset by peer
        at com.android.org.conscrypt.NativeCrypto.SSL_write(Native Method)
        at com.android.org.conscrypt.OpenSSLSocketImpl$SSLOutputStream.write(OpenSSLSocketImpl.java:765)
        at com.android.okio.Okio$1.write(Okio.java:70)
        at com.android.okio.RealBufferedSink.emitCompleteSegments(RealBufferedSink.java:116)
        at com.android.okio.RealBufferedSink.write(RealBufferedSink.java:44)
        at com.android.okhttp.internal.http.HttpConnection$FixedLengthSink.write(HttpConnection.java:291)
        at com.android.okio.RealBufferedSink.emitCompleteSegments(RealBufferedSink.java:116)
        at com.android.okio.RealBufferedSink$1.write(RealBufferedSink.java:131)
        at com.amazonaws.http.UrlHttpClient.write(UrlHttpClient.java:155)
        at com.amazonaws.http.UrlHttpClient.createConnection(UrlHttpClient.java:143)
        at com.amazonaws.http.UrlHttpClient.execute(UrlHttpClient.java:60)
        at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:361)
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:211)
        at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3838)
        at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1512)

我错过了什么？ 也许我的移动代码应该以某种方式将其定向到该文件夹​​？

如下所示：

CognitoCachingCredentialsProvider credentialsProvider = new CognitoCachingCredentialsProvider(
context, "us-east-1:bea10200-deed-cafe-8c8c-c1b1884410aa", Regions.US_EAST_1);

Map<String, String> logins = new HashMap<String, String>();
final String accessToken = Session.getActiveSession().getAccessToken();
logins.put("graph.facebook.com", accessToken);
credentialsProvider.withLogins(logins);

TransferManager transferManager = new TransferManager(credentialsProvider);
String keyname = "test";
transferManager.upload("blinq-test", keyname, file);

Answer 1

答案在上传过程中：

TransferManager transferManager = new TransferManager(credentialsProvider);
String keyname = credentialsProvider.getIdentityId() + "/test";
transferManager.upload("blinq-test", keyname, file);

确保上传到该用户的子文件夹