
Swift AWS S3 Transfer Manager: access denied with the ${cognito-identity.amazonaws.com:sub} policy variable


I am trying to use the Transfer Manager to download a file from a user-specific folder in AWS S3 to an iOS mobile app, as follows:

@IBAction func download() {
    let transferManager = AWSS3TransferManager.default()!
    let downloadingFileURL = URL(fileURLWithPath: NSTemporaryDirectory()).appendingPathComponent("disney1.jpg")
    let downloadRequest = AWSS3TransferManagerDownloadRequest()!
    downloadRequest.bucket = "sidestreamx"
    // user's UUID/disney1
    downloadRequest.key = "631d121f-b294-4318-b3cd-36b3b74ebdff/disney1"
    downloadRequest.downloadingFileURL = downloadingFileURL

    transferManager.download(downloadRequest).continue(with: AWSExecutor.mainThread(), with: {
        (task: AWSTask<AnyObject>) -> Any? in
        if let error = task.error as? NSError {
            // handle error
            return nil
        }
        self.imageView.image = UIImage(contentsOfFile: downloadingFileURL.path)
        return nil
    })
}
The response I get is:

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code>
   <Message>Access Denied</Message>    
   <RequestId>E1F205B58EF4A670</RequestId>
   <HostId>dUWI8PfVZL3mJmykjhXRqvFd1yt/CqDFNlwgwD3kmLk2vrMBP6JvVgezMYSROt3KyE3dx0+3eDE=</HostId>
</Error>
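The user is authenticated through AWS Cognito User Pools and Cognito Federated Identities. I have debugged and extracted the JWT token, and I see sub = "631d121f-b294-4318-b3cd-36b3b74ebdff". I have even looked at the request/response.

If I replace ${cognito-identity.amazonaws.com:sub} in the last statement, S3GetObjects, with 631D12F-b294-4318-b3cd-36b3b74ebdff, to get arn:aws:s3::sidestreamx/631D12F-b294-4318-b3cd-36b3b74ebdff/*, then it does work. The first statement can keep using the policy variable and it still works. If I remove the first statement entirely, it works! It starts breaking when I add the policy variable to the last statement.

I have checked this question, but to no avail. So yeah, I don't know. I have been working on this for almost 9+ hours, so any help would be greatly appreciated.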

Problem solved. It turns out that ${cognito-identity.amazonaws.com:sub} does not actually refer to the sub in the JWT token. It refers to the identity ID from the credentials provider:

    (AWSServiceManager.default().defaultServiceConfiguration.credentialsProvider
        as! AWSCognitoCredentialsProvider).getIdentityId()
        .continue({task -> Any? in
        print("Credentials ID is \(task.result!)")
        return nil
    })

I manually created a folder in my bucket named after task.result (the format is us-east-1:xxxxxxxxxxxxxxxx, FYI), and it works.

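Sorry for the confusion. Yes, the policy variable refers to the identity id of Cognito Federated Identities, not the user pool field, although the terminology overlaps, which is admittedly confusing.

Thanks! It took half a day to realize that "sub" does not match the "sub" in my Cognito user attributes.

Exactly the opposite of an article on GitHub. Two years later, almost exactly the opposite. Took me the better part of a day, and your post finally solved the problem!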
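To see why the key built from the JWT sub is refused while the key built from the identity ID is accepted, here is an added example (not code from the original thread) that models how a resource pattern containing the policy variable is resolved and matched. It is a simplified model, not AWS's policy evaluator; the resource pattern is assumed, since the thread does not show the policy, and the identity ID is a constructed sample in the format the answer mentions.

```python
import re

# Resource pattern of the assumed form (bucket name taken from the thread).
RESOURCE = "arn:aws:s3:::sidestreamx/${cognito-identity.amazonaws.com:sub}/*"
USER_POOL_SUB = "631d121f-b294-4318-b3cd-36b3b74ebdff"  # JWT "sub" from the question
IDENTITY_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # constructed sample

VAR = re.compile(r"\$\{([^}]+)\}")


def _glob(text):
    """Translate IAM wildcards (* and ?) to regex; everything else is literal."""
    return "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in text)


def resolve(resource, context):
    """Compile a resource pattern with ${...} variables filled from context.

    Substituted values are matched literally. Returns None when a variable
    has no value in the request context, so the statement cannot match.
    """
    parts, pos = [], 0
    for m in VAR.finditer(resource):
        if m.group(1) not in context:
            return None
        parts += [_glob(resource[pos:m.start()]), re.escape(context[m.group(1)])]
        pos = m.end()
    parts.append(_glob(resource[pos:]))
    return re.compile("".join(parts))


def allows(resource, context, bucket, key):
    """True if the resolved resource pattern covers the object bucket/key."""
    pattern = resolve(resource, context)
    if pattern is None:
        return False
    return pattern.fullmatch(f"arn:aws:s3:::{bucket}/{key}") is not None


# Request context for credentials vended by Cognito Federated Identities:
# the variable holds the identity ID, never the user pool "sub".
CONTEXT = {"cognito-identity.amazonaws.com:sub": IDENTITY_ID}

if __name__ == "__main__":
    for prefix in (USER_POOL_SUB, IDENTITY_ID):
        key = f"{prefix}/disney1"
        verdict = "allowed" if allows(RESOURCE, CONTEXT, "sidestreamx", key) else "AccessDenied"
        print(key, "->", verdict)
```
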