1

各位开发者,

我需要在 S3 中以 cognito-unauthenticated + cognito 身份验证状态上传。

(上传应该忽略认知凭据,但可以在两种状态下发生)

我有一个 cognito 身份池,并为其创建了未经授权的角色。我也有一个认知用户池。

我有一个专用的桶。在多次尝试 swift code + S3 policy + role policy 后,它不起作用。

迅速:

    class func uploadfile(fileURL: URL, s3Key: String)
    {
        let credentialsProvider = AWSStaticCredentialsProvider(accessKey: awsAccessKey, secretKey: awsSecretKey)
        //let credentialsProvider = AWSCognitoCredentialsProvider(regionType:.EUCentral1, identityPoolId:"cognito_identity_pool_id")
        
        let configuration = AWSServiceConfiguration(region:.EUCentral1, credentialsProvider:credentialsProvider)
        AWSServiceManager.default().defaultServiceConfiguration = configuration
        
        let tuConf = AWSS3TransferUtilityConfiguration()
        tuConf.isAccelerateModeEnabled = false
        
        AWSS3TransferUtility.register(
            with: configuration!,
            transferUtilityConfiguration: tuConf,
            forKey: "utility-key"
        )
        
        guard let transferUtility = AWSS3TransferUtility.s3TransferUtility(forKey: "utility-key")
        else
        {
            return
        }

        let expression = AWSS3TransferUtilityUploadExpression()
        expression.progressBlock = {(task, progress) in
            print("progress \(progress.fractionCompleted)")
        }
        
        var completionHandler: AWSS3TransferUtilityUploadCompletionHandlerBlock?
        completionHandler = { (task, error) -> Void in
            print("task finished")
        }
        
        let bucketName = "bucket name (not ARN)"
        guard let data = try? Data.init(contentsOf: fileURL)
        else
        {
            return
        }
    
        transferUtility.uploadData(data as Data, bucket: bucketName, key: s3Key, contentType: "text/plain", expression: expression,
        completionHandler: completionHandler).continueWith
        {
            (task) -> AnyObject? in
            if let error = task.error {
                print("Error: \(error.localizedDescription)")
            }
            
            if let _ = task.result {
                print ("upload successful.")
            }
            
            return nil
        }
    }

这是存储桶策略:

{
    "Version": "2012-10-17",
    "Id": "PolicyID",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "ARN for Cognito Identity pool unauthorized role"
            },
            "Action": "s3:*",
            "Resource": "ARN for bucket to upload"
        }
    ]
}

这是Cognito 身份池未授权角色的角色策略(在上面的存储桶策略中提到):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}

注意: 我想限制上述角色策略(因为这是访客未经授权的上传)而不是完全访问权限,但即使完全访问权限上传也不成功。

我已经尝试过的:

  • 上面的 Swift 代码有我尝试过但已经失败的注释
  • 反复调用uploadfile(),我只得到“上传成功”。但不是“任务完成”或“进度”消息。第一次,我收到所有 3 条消息。
  • 我已经清除了 Keychain DB 的缓存(用于模拟器) - 只是为了在 AWS 端更改后刷新凭证。没有结果。

感谢您的时间!

4

1 回答 1

0

我通过以下解决方案解决了它:

桶策略:

{
    "Version": "2012-10-17",
    "Id": "PolicyID",
    "Statement": [
        {
            "Sid": "StatementID",
            "Effect": "Allow",
            "Principal": {
                "AWS": "bucket_arn"
            },
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "bucket_arn/*"
        }
    ]
}

未经身份验证的 Cognito 角色附加的策略:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": "bucket_arn"
        }
    ]
}

所做的iOS 代码更改(添加了以下语句):

tuConf.bucket = "bucket_name (not ARN, not full bucket URL, just name)"
于 2020-12-08T13:18:06.073 回答