Javascript AWS S3 bucket返回ec2实例使用时拒绝的访问,即使附加了策略和权限


我在一台 EC2 服务器上托管了一个 LoopBack API,它会下载 S3 存储桶中某个文件夹的内容。当存储桶策略为

    "Principal": {
        "AWS": "*"
     },
时,下载可以正常工作;但是把 Principal 改为

    "Principal": {
      "AWS": "arn:aws:iam::<account-number>:role/<ec2-role>"
     },
之后,请求就被拒绝访问(Access Denied)。用于从 S3 存储桶下载的代码:

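    /**
     * Registers POST /downloadZip, which zips the requested objects from one S3
     * key prefix ("folder") and streams the archive back to the caller.
     *
     * Request body (urlencoded):
     *   userId - used as the key prefix, `<userId>/`
     *   files  - JSON-encoded array of object names under that prefix
     *
     * NOTE(review): userId is taken from the request body and nothing in this
     * block ties it to an authenticated caller, so any client that can reach the
     * route can name any user's prefix. Derive the prefix from the session or
     * token (or compare against it) before exposing this endpoint.
     *
     * NOTE(review): no S3 client or credentials are handed to s3-zip, so the AWS
     * SDK presumably resolves them through its default provider chain. In SDK v2
     * that chain tries environment variables and the shared credentials file
     * (written by `aws configure`) before the EC2 instance role. A bucket policy
     * whose Principal is only the instance role will therefore deny requests
     * signed with a configured IAM user's keys. Confirm the effective identity on
     * the instance (for example with `aws sts get-caller-identity`) before
     * widening the policy; `"AWS": "*"` makes the bucket readable by anyone.
     *
     * @param {object} app - application object exposing use() and post()
     */
    module.exports = function(app) {
      const bodyParser = require('body-parser');
      const s3Zip = require('s3-zip');

      const region = 'us-east-1';
      const bucket = '<bucket-name';

      // An object name is acceptable when it is a non-empty string with no ".."
      // path segment; names become entry paths inside the archive.
      const isSafeName = (name) =>
        typeof name === 'string' && name !== '' && !name.split('/').includes('..');

      app.use(bodyParser.urlencoded({extended: true}));

      app.post('/downloadZip', function(request, response) {
        const body = request.body || {};

        // The prefix is client-supplied: refuse anything that is not a single,
        // non-empty path segment so the caller cannot pick an arbitrary prefix depth.
        const userId = body.userId;
        if (typeof userId !== 'string' || userId === '' || userId.includes('/')) {
          response.status(400).send('Invalid userId');
          return;
        }

        // JSON.parse throws on missing or malformed input; answer 400 instead of
        // letting the exception escape the handler.
        let fileArray;
        try {
          fileArray = JSON.parse(body.files);
        } catch (err) {
          response.status(400).send('files must be a JSON array of object names');
          return;
        }
        if (!Array.isArray(fileArray) || !fileArray.every(isSafeName)) {
          response.status(400).send('files must be a JSON array of object names');
          return;
        }

        // Log only what is needed to trace the request, not the whole body.
        console.log('downloadZip request: userId=%s files=%d',
          JSON.stringify(userId), fileArray.length);

        const filename = new Date().toISOString().replace(/:/g, '-').replace(/T|Z/g, '_') +
          '_recordings_dump.zip';
        const folder = userId + '/';

        response.set('content-type', 'application/zip');
        response.set('Content-Disposition', 'attachment; filename=' + filename);

        const archive = s3Zip.archive(
          {region: region, bucket: bucket, preserveFolderStructure: true, debug: true},
          folder,
          fileArray
        );

        // S3 failures (e.g. AccessDenied) surface as stream errors. Report them
        // server-side and fail the response instead of leaving it hanging; the
        // SDK error details are not echoed to the client.
        archive.on('error', function(err) {
          console.error('downloadZip failed:', err);
          archive.unpipe(response);
          if (response.headersSent) {
            response.destroy(err);
            return;
          }
          response.removeHeader('Content-Disposition');
          response.status(500).type('text/plain').send('Failed to build archive');
        });

        archive.pipe(response);
      });
    };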
module.exports=函数(应用程序){
var myParser=require('body-parser');
use(myParser.urlencoded({extended:true}));
app.post('/downloadZip',函数(请求、响应){
const s3Zip=require('s3-zip');
const AWS=require('AWS-sdk');
常量区域='us-east-1';

const bucket='
你能编辑你的问题,向我们展示从 Amazon S3 下载的代码吗?是使用 S3 API 调用,还是只是用普通的 curl/wget?这会影响 S3 是否能收到请求者的身份。是的,刚刚编辑了!哪一行实际上在调用 AWS?我看不出代码在哪里使用 AWS SDK 调用 S3。这可能是因为没有传递用户凭据,因此 S3 无法识别发出请求的用户。我建议使用普通的 SDK 调用,而不是尝试自己构造请求。是的,我使用 SDK 的目的不同。凭据是用 `aws configure` 存储的,这部分工作正常。
    message: 'Access Denied',
    code: 'AccessDenied',
    region: null,
    time: 2019-08-29T11:14:30.083Z,
    requestId: '98B0580B0D2A00F3',
    extendedRequestId:'s5K0fPsew96Mf8c2d3R8xj0M85ICY/gNL5wu0ZthpTwO1jgLAccfVee/J7QXZDSXXLmXioVNQwE=',
     cfId: undefined,
     statusCode: 403,
     retryable: false,
     retryDelay: 89.70255005732741 }
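    /**
     * Registers POST /downloadZip, which zips the requested objects from one S3
     * key prefix ("folder") and streams the archive back to the caller.
     *
     * Request body (urlencoded):
     *   userId - used as the key prefix, `<userId>/`
     *   files  - JSON-encoded array of object names under that prefix
     *
     * NOTE(review): userId is taken from the request body and nothing in this
     * block ties it to an authenticated caller, so any client that can reach the
     * route can name any user's prefix. Derive the prefix from the session or
     * token (or compare against it) before exposing this endpoint.
     *
     * NOTE(review): no S3 client or credentials are handed to s3-zip, so the AWS
     * SDK presumably resolves them through its default provider chain. In SDK v2
     * that chain tries environment variables and the shared credentials file
     * (written by `aws configure`) before the EC2 instance role. A bucket policy
     * whose Principal is only the instance role will therefore deny requests
     * signed with a configured IAM user's keys. Confirm the effective identity on
     * the instance (for example with `aws sts get-caller-identity`) before
     * widening the policy; `"AWS": "*"` makes the bucket readable by anyone.
     *
     * @param {object} app - application object exposing use() and post()
     */
    module.exports = function(app) {
      const bodyParser = require('body-parser');
      const s3Zip = require('s3-zip');

      const region = 'us-east-1';
      const bucket = '<bucket-name';

      // An object name is acceptable when it is a non-empty string with no ".."
      // path segment; names become entry paths inside the archive.
      const isSafeName = (name) =>
        typeof name === 'string' && name !== '' && !name.split('/').includes('..');

      app.use(bodyParser.urlencoded({extended: true}));

      app.post('/downloadZip', function(request, response) {
        const body = request.body || {};

        // The prefix is client-supplied: refuse anything that is not a single,
        // non-empty path segment so the caller cannot pick an arbitrary prefix depth.
        const userId = body.userId;
        if (typeof userId !== 'string' || userId === '' || userId.includes('/')) {
          response.status(400).send('Invalid userId');
          return;
        }

        // JSON.parse throws on missing or malformed input; answer 400 instead of
        // letting the exception escape the handler.
        let fileArray;
        try {
          fileArray = JSON.parse(body.files);
        } catch (err) {
          response.status(400).send('files must be a JSON array of object names');
          return;
        }
        if (!Array.isArray(fileArray) || !fileArray.every(isSafeName)) {
          response.status(400).send('files must be a JSON array of object names');
          return;
        }

        // Log only what is needed to trace the request, not the whole body.
        console.log('downloadZip request: userId=%s files=%d',
          JSON.stringify(userId), fileArray.length);

        const filename = new Date().toISOString().replace(/:/g, '-').replace(/T|Z/g, '_') +
          '_recordings_dump.zip';
        const folder = userId + '/';

        response.set('content-type', 'application/zip');
        response.set('Content-Disposition', 'attachment; filename=' + filename);

        const archive = s3Zip.archive(
          {region: region, bucket: bucket, preserveFolderStructure: true, debug: true},
          folder,
          fileArray
        );

        // S3 failures (e.g. AccessDenied) surface as stream errors. Report them
        // server-side and fail the response instead of leaving it hanging; the
        // SDK error details are not echoed to the client.
        archive.on('error', function(err) {
          console.error('downloadZip failed:', err);
          archive.unpipe(response);
          if (response.headersSent) {
            response.destroy(err);
            return;
          }
          response.removeHeader('Content-Disposition');
          response.status(500).type('text/plain').send('Failed to build archive');
        });

        archive.pipe(response);
      });
    };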