【发布时间】:2021-06-30 11:52:07
【问题描述】:
我有一个允许打开文件的存储桶。我上传了一个名为test.gsm 的测试文件,并尝试通过这样做来预签名文件
root@server2:~# aws s3 presign s3://dovid-ft/test.gsm --expires-in 604800
https://dovid-ft.s3.amazonaws.com/test.gsm?AWSAccessKeyId=AKIAJSDPJKCCGAZ257VQ&Signature=0zbBU2B%2FKVrqgOXFQNTGh3gme%2Fo%3D&Expires=1625658191
root@server2:~#
如果我尝试抓取该文件,我会得到 403。
root@server2:~# wget 'https://dovid-ft.s3.amazonaws.com/test.gsm?AWSAccessKeyId=AKIAJSDPJKCCGAZ257VQ&Signature=0zbBU2B%2FKVrqgOXFQNTGh3gme%2Fo%3D&Expires=1625658191'
--2021-06-30 07:49:21-- https://dovid-ft.s3.amazonaws.com/test.gsm?AWSAccessKeyId=AKIAJSDPJKCCGAZ257VQ&Signature=0zbBU2B%2FKVrqgOXFQNTGh3gme%2Fo%3D&Expires=1625658191
Resolving dovid-ft.s3.amazonaws.com (dovid-ft.s3.amazonaws.com)... 52.217.88.204
Connecting to dovid-ft.s3.amazonaws.com (dovid-ft.s3.amazonaws.com)|52.217.88.204|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-06-30 07:49:21 ERROR 403: Forbidden.
root@server2:~#
我还尝试对密钥的 HTML 进行解码,看看是否有帮助,但没有。
root@server2:~# wget 'https://dovid-ft.s3.amazonaws.com/test.gsm?AWSAccessKeyId=AKIAJSDPJKCCGAZ257VQ&Signature=0zbBU2B/KVrqgOXFQNTGh3gme/o=&Expires=1625658191'
--2021-06-30 07:49:37-- https://dovid-ft.s3.amazonaws.com/test.gsm?AWSAccessKeyId=AKIAJSDPJKCCGAZ257VQ&Signature=0zbBU2B/KVrqgOXFQNTGh3gme/o=&Expires=1625658191
Resolving dovid-ft.s3.amazonaws.com (dovid-ft.s3.amazonaws.com)... 52.217.32.100
Connecting to dovid-ft.s3.amazonaws.com (dovid-ft.s3.amazonaws.com)|52.217.32.100|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-06-30 07:49:37 ERROR 403: Forbidden.
root@server2:~#
有没有办法获取日志或查看问题所在以及我的请求被拒绝的原因?到目前为止,能够获取该文件的唯一方法是将其公开,我不想这样做。
【问题讨论】:
-
是否允许签署 URL 的实体下载它?如果这是一个真实的存储桶名称并且您以某种方式将其公开,我强烈建议您在问题中更改它。
标签: bash amazon-web-services amazon-s3 pre-signed-url