我有一段 python 代码请求一个新的联合令牌:
AWS_HOST = 'sts.amazonaws.com'
AWS_URI = '/'
AWS_ID = '...'
AWS_SECRET = '...'
def amazon(content):
URI_String=[]
for keyword, value in sorted(content.items()):
URI_String.append('%s=%s' % (keyword, urllib.quote(value))
req = '&'.join(URI_String)
to_sign_req = 'GET\n%s\n%s\n%s' % (AWS_HOST, AWS_URI, req)
h = hmac.new(AWS_SECRET, to_sign_req, hashlib.sha256)
sig = base64.b64encode(h.digest())
req += '&Signature=%s' % urllib.quote(sig)
baseurl = 'https://sts.amazonaws.com?'
apicall = baseurl + req
r = urllib.urlopen(apicall).read()
return r
我将它与这些准备好的内容一起使用:
content['Timestamp'] = dstamp.strftime('%Y-%m-%dT%H:%M:%S.000Z')
content['SignatureVersion'] = '2'
content['AWSAccessKeyId'] = AWS_ID
content['DurationSeconds'] = '3600'
content['SignatureMethod']='HmacSHA256'
content['Version']='2011-06-15'
content['Action']='GetFederationToken'
content['Name']='someFederateduserName'
它工作正常。但是当我尝试添加策略(content['Policy']=POLICY)时,具有 POLICY =
{
"Statement": [{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::bucketname/foldername/*"
}]
}
亚马逊返回SignatureDoesNotMatch响应。有谁知道如何修理它?我想发布具有自定义策略的联合令牌...