我正在直接上传到 S3,并且我有这样声明的预签名帖子:
@s3_direct_post = S3_BUCKET.presigned_post(key: "images/#{SecureRandom.uuid}/${filename}", success_action_status: '201', acl: 'public-read', allow_any: ['utf8', 'authenticity_token'])
在开发环境中,它可以正确构建所有内容,我得到如下信息:
{"key"=>"images/1be59d13-9d65-4d70-b631-93834409f361/${filename}", "success_action_status"=>"201", "acl"=>"public-read", "policy"=>"<BASE_64_POLICY>", "x-amz-credential"=>"<MY_ACCESS_KEY>/20180505/us-east-1/s3/aws4_request", "x-amz-algorithm"=>"AWS4-HMAC-SHA256", "x-amz-date"=>"20180505T232823Z", "x-amz-signature"=>"<AMZ_SIGNATURE>"}
但是在我把它推送到 Heroku 之后,我得到了这样的东西:
{"key"=>"images/1be59d13-9d65-4d70-b631-93834409f361/${filename}", "success_action_status"=>"201", "acl"=>"public-read", "policy"=>"<BASE_64_POLICY>", "x-amz-credential"=>"/20180505/us-east-1/s3/aws4_request", "x-amz-algorithm"=>"AWS4-HMAC-SHA256", "x-amz-date"=>"20180505T232823Z", "x-amz-signature"=>"<AMZ_SIGNATURE>"}
现在我的访问密钥 (AKID) 不再存在,我收到此错误:
<Error><Code>InvalidArgument</Code><Message>a non-empty Access Key (AKID) must be provided in the credential.</Message><ArgumentName>X-Amz-Credential</ArgumentName><ArgumentValue>/20180505/us-east-1/s3/aws4_request</ArgumentValue><RequestId>%REQUESTID%</RequestId><HostId>%HOSTID%</HostId></Error>
我的 AWS 凭证在 initalizers/aws.rb 中声明,因此它们不依赖于环境类型。这可能是什么原因造成的?
编辑(显示我如何声明 S3_BUCKET 是我在 aws.rb 中初始化的常量):
Aws.config.update({
region: 'us-east-1',
credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'])
})
S3_BUCKET = Aws::S3::Resource.new.bucket(ENV['S3_BUCKET'])
此外,两个 presigned-post 对象之间的区别:
"x-amz-credential"=>"<MY_ACCESS_KEY>/20180505/us-east-1/s3/aws4_request"
"x-amz-credential"=>"/20180505/us-east-1/s3/aws4_request"