通过 curl 成功上传 S3 预签名 URL，但它是空的

Question

我尝试通过带有 curl 的预签名 url 将文件上传到 S3。
当我运行以下命令时它返回成功

❯ curl -v -X PUT --upload-file [file directory] '[pre-sined url]'
*   Trying [port]...
* TCP_NODELAY set
* Connected to bucket-name.s3.region.amazonaws.com (ip address) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=*.region.amazonaws.com
*  start date: Nov  9 00:00:00 2019 GMT
*  expire date: Dec 10 12:00:00 2020 GMT
*  subjectAltName: host "bukcet-name.s3.region.amazonaws.com" matched cert's "*.s3.region.amazonaws.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Baltimore CA-2 G2
*  SSL certificate verify ok.
> PUT [pre-signed url] HTTP/1.1
> Host: bukcet-name.s3.region.amazonaws.com
> User-Agent: curl/7.64.1
> Accept: */*
> Content-Type: image/png
> Content-Length: 145701
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
< HTTP/1.1 200 OK
< x-amz-id-2: hogehoge
< x-amz-request-id:hugahuga
< Date: Mon, 17 Feb 2020 08:09:01 GMT
< ETag: "hogehuga"
< Content-Length: 0
< Server: AmazonS3
<
* Connection #0 to host bukcet-name.s3.region.amazonaws.com left intact
* Closing connection 0

但是当我查看 S3 时，文件没有上传。

我想知道如何正确上传文件到 S3。

[更新]

我在 curl 中添加了 x-amz-acl: bucket-owner-full-control 标头，并在 S3 存储桶 CORS 中设置了 <AllowedHeader>x-amz-acl</AllowedHeader>。

curl -v -X PUT -H 'x-amz-acl: bucket-owner-full-control' --upload-file [file directory] '[pre-sined url]'

但它返回错误。 <Error><Code>AccessDenied</Code><Message>There were headers present in the request which were not signed</Message><HeadersNotSigned>x-amz-acl</HeadersNotSigned>

我还想知道我的预签名网址在目录路径中没有文件名。它是正确的预签名网址吗？

我生成预签名网址的实现是这样的：

    req, _ := svc.PutObjectRequest(&s3.PutObjectInput{
        Bucket: aws.String(bucketName),
        Key:    aws.String(key),
    })
    url, err := req.Presign(expires)

我需要在 PutObjectInput 结构中添加 ACL 吗？

Answer 1

这个问题是通过在生成s3目录时在末尾添加文件名来解决的。

例如（Golang）：

    req, _ := svc.PutObjectRequest(&s3.PutObjectInput{
        Bucket: aws.String("hogehoge/fugafuga/filename"),
        Key:    aws.String(key),
    })
    url, err := req.Presign(expires)