CloudFront 签名 URL 访问被拒绝

【问题标题】:CloudFront Signed URLs access deniedCloudFront 签名 URL 访问被拒绝
【发布时间】:2018-01-16 05:15:46
【问题描述】:

我正在尝试将签名的 URL 添加到 CloudFront 上的视频中,一切设置都很好,但是当我打开我的 URL 时,每次生成 URL 代码时它都会显示访问被拒绝错误,这里是以下错误 

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>081DED49D4E126A6</RequestId>
<HostId>Lx+3mwxdCGo1vWAGM5RzPHDKrwEkvQwi8XiH2hBgj51XWsxu4gqY3Zr+w1x4ZoZQAYWEHV9u1wA=</HostId>
</Error>

这是我的代码,我不知道我做错了什么

<?php
$urlShow = getSignedURL("http://d22bw8b4o37yyl.cloudfront.net/test/love1.mp4", 500);
function getSignedURL($resource, $timeout)
{
    //This comes from key pair you generated for cloudfront
    $keyPairId = "APKAIJP3H7LLN44FL2OQ";

    $expires = time() + $timeout; //Time out in seconds
    $json = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}';     

    //Read Cloudfront Private Key Pair
    $fp=fopen("pk-APKAIJP3H7LLN44FL2OQ.pem","r"); 
    $priv_key=fread($fp,8192); 
    fclose($fp); 

    //Create the private key
    $key = openssl_get_privatekey($priv_key);
    if(!$key)
    {
        echo "<p>Failed to load private key!</p>";
        return;
    }

    //Sign the policy with the private key
    if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1))
    {
        echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';
        return;
    }

    //Create url safe signed policy
    $base64_signed_policy = base64_encode($signed_policy);
    $signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);

    //Construct the URL
    $url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;

    return $url;
}

echo $urlShow;
?>

【问题讨论】:

    标签: php amazon-cloudfront


    【解决方案1】:

    您收到此信息是因为您在代码中使用的到期时间不正确。要解决此问题,首先我们需要更新 Bucket 策略并使用正确的 Key-Pair-IDPrivate Key 然后在第二行的代码使用正确的 Unix 时间戳,例如 time() + 600 而不是 500 PHP, time - Manual

    这是解决问题的完整代码

    <?php
$urlShow = getSignedURL("http://d22bw8b4o37yyl.cloudfront.net/test/love1.mp4", time() + 600);
function getSignedURL($resource, $timeout) {
//This comes from key pair you generated for cloudfront
$keyPairId = "APKAIJP3H7LLN44FL2OQ";

$expires = time() + $timeout; //Time out in seconds
$json = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}'; 

//Read Cloudfront Private Key Pair
$fp=fopen("pk-APKAIJP3H7LLN44FL2OQ.pem","r"); 
$priv_key=fread($fp,8192); 
fclose($fp); 

//Create the private key
$key = openssl_get_privatekey($priv_key);
if(!$key) {
echo "<p>Failed to load private key!</p>";
return;
}

//Sign the policy with the private key
if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1)) {
echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';
return;
}

//Create url safe signed policy
$base64_signed_policy = base64_encode($signed_policy);
$signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);

//Construct the URL
$url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;
return $url;
}

echo $urlShow;
?>

    【讨论】:

      猜你喜欢
      • 2019-08-30
      • 2013-01-03
      • 2017-10-03
      • 2021-09-07
      • 2015-05-21
      • 2018-09-18
      • 2015-02-13
      • 2021-03-06
      • 2018-07-20
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode