3

我想知道如何为云端创建签名 URL。当前的工作解决方案是不安全的,我想将系统切换到安全 URL。

我尝试过使用 Boto 2.5.2 和 Django 1.4

是否有关于如何使用 boto.cloudfront.distribution.create_signed_url 方法的工作示例?或任何其他有效的解决方案?

我使用 BOTO 2.5.2 API 尝试了以下代码

def get_signed_url():
    import boto, time, pprint
    from boto import cloudfront
    from boto.cloudfront import distribution
    AWS_ACCESS_KEY_ID = 'YOUR_AWS_ACCESS_KEY_ID'
    AWS_SECRET_ACCESS_KEY = 'YOUR_AWS_SECRET_ACCESS_KEY'
    KEYPAIR_ID = 'YOUR_KEYPAIR_ID'
    KEYPAIR_FILE = 'YOUR_FULL_PATH_TO_FILE.pem'
    CF_DISTRIBUTION_ID = 'E1V7I3IOVHUU02'
    my_connection = boto.cloudfront.CloudFrontConnection(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
    distros = my_connection.get_all_streaming_distributions()
    oai = my_connection.create_origin_access_identity('my_oai', 'An OAI for testing')
    distribution_config = my_connection.get_streaming_distribution_config(CF_DISTRIBUTION_ID)
    distribution_info = my_connection.get_streaming_distribution_info(CF_DISTRIBUTION_ID)
    my_distro = boto.cloudfront.distribution.Distribution(connection=my_connection, config=distribution_config, domain_name=distribution_info.domain_name, id=CF_DISTRIBUTION_ID, last_modified_time=None, status='Active')

    s3 = boto.connect_s3()
    BUCKET_NAME = "YOUR_S3_BUCKET_NAME"
    bucket = s3.get_bucket(BUCKET_NAME)
    object_name = "FULL_URL_TO_MP4_ECLUDING_S3_URL_DOMAIN_NAME EG( my/path/video.mp4)"
    key = bucket.get_key(object_name)
    key.add_user_grant("READ", oai.s3_user_id)

    SECS = 8000
    OBJECT_URL = 'FULL_S3_URL_TO_FILE.mp4'
    my_signed_url = my_distro.create_signed_url(OBJECT_URL, KEYPAIR_ID, expire_time=time.time() + SECS, valid_after_time=None, ip_address=None, policy_url=None, private_key_file=KEYPAIR_FILE, private_key_string=KEYPAIR_ID)

在方法 create_signed_url 之前,一切似乎都很好。它返回一个错误。

Exception Value: Only specify the private_key_file or the private_key_string not both
4

1 回答 1

3

省略private_key_string

my_signed_url = my_distro.create_signed_url(OBJECT_URL, KEYPAIR_ID,
        expire_time=time.time() + SECS, private_key_file=KEYPAIR_FILE)

该参数用于将私钥文件的实际内容作为字符串传递。源代码中的注释解释说,只有一个private_key_fileorprivate_key_string应该通过。

您还可以省略所有设置为 的 kwargs None,因为这None是默认设置。

于 2012-07-03T18:28:19.337 回答