【发布时间】:2017-03-23 13:28:40
【问题描述】:
这是我收到拒绝访问消息的代码。谁能告诉我如何解决这个问题。
我的存储桶政策
"cloudfront:user/CloudFront Origin Access Identity [ID]" with s3.
存储桶策略资源
“资源”:“arn:aws:s3:::bucket_name/*”
use Aws\CloudFront\CloudFrontClient;
require 'vendor/autoload.php';
$cloudFront = CloudFrontClient::factory([
'version' => 'latest',
'region' => 'ap-south-1'
]);
// Setup parameter values for the resource
$streamHostUrl = 'http://example.cloudfront.net';
$resourceKey = 'Bucket/1.jpg';
$expires = new DateTime('+1 minute');
// Create a signed URL for the resource using the canned policy
$url = $cloudFront->getSignedUrl([
'url' => $streamHostUrl . '/' . $resourceKey,
'expires' => $expires->getTimestamp(),
'private_key' => 'pk-private_key.pem',
'key_pair_id' => '<key_pair_id>'
]);
echo $url;
错误“拒绝访问”
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>EE8B43497F516AD3</RequestId>
<HostId>
jghWRjO1Rnvv0/hRaeBS4pThCFJcGN26r3wDcMAiyqWeVHRVLbNaSUiIQmR7dDiQus/j8QjUWhM=
</HostId>
</Error>
【问题讨论】:
-
似乎问题出在存储桶策略上。我们可以查看整个存储桶策略(您的实际源访问 ID 除外)吗?
-
{ “版本”:“2008-10-17”,“Id”:“PolicyForCloudFrontPrivateContent”,“声明”:[ { “Sid”:“1”,“效果”:“允许” , "Principal": { "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXXXXXXX" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3 :::bucket_name/*" } ] }
标签: amazon-s3 amazon amazon-cloudfront