如何使用Python在Lambda中为CloudFront生成SignedUrl?
我目前的python代码有一个问题,这段代码生成一个云前端签名的URL并打印出来。我在VS代码中有一个虚拟环境,它工作正常,但当我将其上载到lambda时,我收到错误:“errorMessage”:“没有名为“\u cffi\u backend”的模块” 我试过: pip安装-t$PWD cffi pip安装-t$PWD加密 将它们压缩到一个.zip文件中,并将其上载到lambda以满足要求,我还压缩了虚拟环境中具有工作依赖项的所有包 我如何解决这个问题?我需要在lambda中安装这个,我以前也安装过cffi如何使用Python在Lambda中为CloudFront生成SignedUrl?,python,amazon-web-services,aws-lambda,amazon-cloudfront,python-cffi,Python,Amazon Web Services,Aws Lambda,Amazon Cloudfront,Python Cffi,我目前的python代码有一个问题,这段代码生成一个云前端签名的URL并打印出来。我在VS代码中有一个虚拟环境,它工作正常,但当我将其上载到lambda时,我收到错误:“errorMessage”:“没有名为“\u cffi\u backend”的模块” 我试过: pip安装-t$PWD cffi pip安装-t$PWD加密 将它们压缩到一个.zip文件中,并将其上载到lambda以满足要求,我还压缩了虚拟环境中具有工作依赖项的所有包 我如何解决这个问题?我需要在lambda中安装这个,我以前也
import datetime
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from botocore.signers import CloudFrontSigner
def rsa_signer(message):
with open('key.pem', 'rb') as key_file:
private_key = serialization.load_pem_private_key(
key_file.read(),
password=None,
backend=default_backend()
)
print (message)
return private_key.sign(message, padding.PKCS1v15(), hashes.SHA1())
def lambda_handler(event, context):
key_id = 'APKAJSKEXampleKNQ'
url = 'https://example.com/example.html'
expire_date = datetime.datetime(2021, 1, 1)
cloudfront_signer = CloudFrontSigner(key_id, rsa_signer)
# Create a signed url that will be valid until the specfic expiry date
# provided using a canned policy.
signed_url = cloudfront_signer.generate_presigned_url(
url, date_less_than=expire_date)
print(signed_url)
{
“errorMessage”:“没有名为“\u cffi\u backend”的模块”,
“errorType”:“ModuleNotFoundError”,
“stackTrace”:[
“文件\“/var/task/why.py\”,第31行,在lambda\u处理程序url中,日期小于等于过期日期\n”,
“File\”/var/runtime/botocore/signers.py\”,第344行,在generate\u presigned\u url\n signature=self.rsa\u signer(策略)\n中,
“文件\”/var/task/why.py\”,第15行,在rsa\u signer\n backend=default\u backend()\n中,
“文件\”/var/task/cryptography/hazmat/backends/\uuuu init\uuuuuu.py\”,第15行,默认为\u backend\n from cryptography.hazmat.backends.openssl.backend import backend\n“,
“文件\”/var/task/cryptography/hazmat/backends/openssl/_init__uuu.py\”,第7行,在cryptography.hazmat.backends.openssl.backend导入后端中\n“,
“文件\”/var/task/cryptography/hazmat/backends/openssl/backend.py\”,第109行,在cryptography.hazmat.bindings.openssl导入绑定中\n“,
“文件\“/var/task/cryptography/hazmat/bindings/openssl/binding.py\”,第14行,在cryptography.hazmat.bindings中。\u openssl导入ffi,lib\n”
]
}
我阅读了“boto”云前端签名者的源代码,发现所有功能都是内置的。不需要使用“cryptography.hazmat”
我将上面的代码转换为更简单的代码
from boto.cloudfront.distribution import Distribution
from boto.cloudfront import CloudFrontConnection
from botocore.signers import CloudFrontSigner
import datetime
import rsa
def rsa_signer(message):
private_key = open('key.pem', 'r').read()
return rsa.sign(message, rsa.PrivateKey.load_pkcs1(private_key.encode('utf8')),'SHA-1')
def lambda_handler(event, context):
url = "https://Example.com/Register.html"
expire_date = datetime.datetime(2021, 1, 1)
key_id = 'APKAJSEXAMPLENXQ'
cf_signer = CloudFrontSigner(key_id, rsa_signer)
signed_url = cf_signer.generate_presigned_url(url, date_less_than=expire_date)
print(signed_url)
对于想知道如何使用python正确生成云前端预签名的人,请确保打包“boto”和“rsa”“上传到lambda时,请将其保存到您的zip文件中。哦,伙计,我希望在使用python为我的网站创建签名url之前也看到了这一点。”。但我总是被拒绝访问错误。为了缓解这种情况,我采用了node.js方法。我也会尝试你的方法,因为它看起来很整洁。非常感谢。!
from boto.cloudfront.distribution import Distribution
from boto.cloudfront import CloudFrontConnection
from botocore.signers import CloudFrontSigner
import datetime
import rsa
def rsa_signer(message):
private_key = open('key.pem', 'r').read()
return rsa.sign(message, rsa.PrivateKey.load_pkcs1(private_key.encode('utf8')),'SHA-1')
def lambda_handler(event, context):
url = "https://Example.com/Register.html"
expire_date = datetime.datetime(2021, 1, 1)
key_id = 'APKAJSEXAMPLENXQ'
cf_signer = CloudFrontSigner(key_id, rsa_signer)
signed_url = cf_signer.generate_presigned_url(url, date_less_than=expire_date)
print(signed_url)