Php 使用通配符在CloudFront中签名的URL
我正在使用PHP对URL进行签名,以便通过CloudFront访问我的S3存储桶,使用下面的代码对单个文件进行签名可以很好地工作。但在生成带有通配符的字符串后,实际文件名将被替换,例如URL中的index.html或main.css(根据文档),但访问被拒绝Php 使用通配符在CloudFront中签名的URL,php,amazon-web-services,amazon-cloudfront,Php,Amazon Web Services,Amazon Cloudfront,我正在使用PHP对URL进行签名,以便通过CloudFront访问我的S3存储桶,使用下面的代码对单个文件进行签名可以很好地工作。但在生成带有通配符的字符串后,实际文件名将被替换,例如URL中的index.html或main.css(根据文档),但访问被拒绝 <?php function getSignedURL($resource, $timeout) { //This comes from key pair you generated for cloudfront $keyPair
<?php
function getSignedURL($resource, $timeout)
{
//This comes from key pair you generated for cloudfront
$keyPairId = "MYKEYPAIR";
$expires = time() + $timeout; //Time out in seconds
$json = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}';
//Read Cloudfront Private Key Pair
$fp=fopen("aws.pem","r");
$priv_key=fread($fp,8192);
fclose($fp);
//Create the private key
$key = openssl_get_privatekey($priv_key);
if(!$key)
{
echo "<p>Failed to load private key!</p>";
return;
}
//Sign the policy with the private key
if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1))
{
echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';
return;
}
//Create url safe signed policy
$base64_signed_policy = base64_encode($signed_policy);
$signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);
//Construct the URL
$url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;
return $url;
}
$url = getSignedURL("http://cdn.mydomain.com/path/*", 3000);
print_r($url);
?>
任何帮助都将不胜感激。您使用的是罐装保单还是定制保单?我发现除非使用自定义策略,否则不能使用通配符URL,所以请尝试一下。找到答案了吗?谢谢
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*"
}
]
}