我无法使用 ListObjects 方法通过 Secure Token Service 访问 AWS S3。
文档说明了一个存储桶,它的对象可以是私有的,而我们可以使用 AWS STS 获取临时凭证来访问 S3 对象。
我正在尝试创建图形服务器。我有一个单独的服务,您可以查询。在响应期间,我的计划是使用 AWS STS 公开我的 S3 存储桶中的图像。
use Aws\Sts\StsClient;
use Aws\S3\S3Client;
use Aws\S3\Exception\S3Exception;
$bucket = 'bucket_name';
// the security credentials that you use to obtain temporary security credentials.
$stsClient = StsClient::factory(array(
'credentials' => array(
'secret' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
'key' => 'YYYYYYYYYYYYYYYYYYYYYYYYY'
),
'region'=>'us-east-1',
'version'=>'latest'
));
// Fetch the federated credentials.
$sessionToken = $stsClient->getFederationToken([
'Name' => 'IAM-Username',
'DurationSeconds' => '3600',
'PolicyName' => 'my-policy'
]);
// The following will be part of your less trusted code. You provide temporary
// security credentials so the code can send authenticated requests to Amazon S3.
$s3 = new S3Client([
'region' => 'us-east-1',
'version' => 'latest',
'credentials' => [
'key' => $sessionToken['Credentials']['AccessKeyId'],
'secret' => $sessionToken['Credentials']['SecretAccessKey'],
'token' => $sessionToken['Credentials']['SessionToken']
]
]);
print_r($sessionToken);
echo "<br/>";
echo "<br/>";
try {
$result = $s3->listObjects([
'Bucket' => $bucket
]);
} catch (S3Exception $e) {
echo $e->getMessage() . PHP_EOL;
}
我期待一个 S3 对象键列表。但相反,我收到一条错误消息:
在“ https://s3.amazonaws.com/bucket_name?encoding-type=url ”上执行“ListObjects”时出错;AWS HTTP 错误:客户端错误:
GET https://s3.amazonaws.com/bucket_name?encoding-type=url导致403 >Forbidden响应:AccessDeniedAccess Denied AccessDenied(客户端):>Access Denied - AccessDeniedAccess Denied XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX