升级到 3.0 PHP sdk,这可能是一个错误,因为它破坏了一切。
我正在尝试创建一个 sts 客户端,但它不断收到错误
Error executing "GetFederationToken" on "https://sts.amazonaws.com"; AWS HTTP error: Client error: 403 SignatureDoesNotMatch (client): Credential should be scoped to a valid region, not 'us-west-1'. - <ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Credential should be scoped to a valid region, not 'us-west-1'. </Message>
</Error>
<RequestId>604fe518-2381-11e5-8b68-471c4b83f798</RequestId>
</ErrorResponse>
PHP 代码
$config = \Config::get('shared_config');
$sdk = new \Aws\Sdk($config);
$sts = $sdk->createSts();
$result = $sts->getFederationToken(array(
'Name' => 'appuser',
'DurationSeconds' => 3600,
'Policy' => json_encode(array(
'Statement' => array(
array(
'Sid' => 'randomstatementid' . time(),
'Action' => array('s3:PutObject'),
'Effect' => 'Allow',
'Resource' => 'arn:aws:s3:::' . \Config::get('aws_bucket'),
)
)
))
));
其中 $config 是一个数组
array(
'region' => 'us-west-1',
'version' => 'latest',
'debug'=>true,
'credentials'=>array(
'key' => 'XXX',
'secret' => 'XXX',
)
因此该区域显然已设置,并且 us-west-1 是有效区域 https://docs.aws.amazon.com/general/latest/gr/rande.html
文档非常糟糕,但https://docs.aws.amazon.com/aws-sdk-php/v3/guide/getting-started/basic-usage.html#using-the-sdk-class是我的那种下列的
并创建一个客户端 https://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.Sdk.html 见方法 createSts
我也可以成功地使用具有相同凭据的 s3 客户端并执行命令。
$config = \Config::get('shared_config');
$sdk = new \Aws\Sdk($config);
$s3 = $sdk->createS3();