前端之家

  1. 首页
  2. 问答

将图片上传到S3时访问被拒绝

问答

我已经从aws educate创建了aws帐户。我正在尝试将图片上传到AWS s3。但是我收到访问被拒绝的错误。

代码:

const multer = require('multer');
const multerS3 = require('multer-s3');
const config = require('../config');

aws.config.update({
  secretaccessKey: config.AWS_SECRET_accESS_KEY,accessKeyId: config.AWS_accESS_KEY_ID,region: 'us-east-1'
});

const s3 = new aws.S3();

const fileFilter = (req,file,cb) => {
  if (file.mimetype === 'image/jpeg' || file.mimetype === 'image/png' || file.mimetype === 'image/jpg') {
    cb(null,true);
  } else {
    cb(new Error('Invalid file type,only JPEG and PNG is allowed!'),false);
  }
}

const upload = multer({
  fileFilter,storage: multerS3({
    acl: 'private',s3,bucket: 'acc-partner',metadata: function (req,cb) {
      cb(null,{
        fieldName: 'TESTING_MetaDATA'
      });
    },key: function (req,Date.now().toString())
    }
  })
});

module.exports = upload;

const express = require('express');
const router = express.Router();
const UserCtrl = require('../controllers/user');

const upload = require('../services/image-upload');

const singleUpload = upload.single('image');


router.post('/image-upload',UserCtrl.authMiddleware,function(req,res) {
  singleUpload(req,res,function(err) {
    if (err) {
      return res.status(422).send({errors: [{title: 'Image Upload Error',detail: err.message}]});
    }

    return res.json({'imageUrl': req.file.location});
  });
});

module.exports = router;

邮递员错误

{
    "errors": [
        {
            "title": "Image Upload Error","detail": "access Denied"
        }
    ]
}

picture of error picture of setting in aws

cbslhw628 回答:将图片上传到S3时访问被拒绝

这是因为您尚未设置存储桶的公共策略(如我在AWS映像中所见)。尝试将您的存储桶策略设置为公共(单击“存储桶策略”按钮)。

{
    "Version": "2008-10-17","Statement": [
        {
            "Sid": "AllowPublicRead","Effect": "Allow","Principal": {
                "AWS": "*"
            },"Action": "s3:GetObject","Resource": "arn:aws:s3:::acc-partner/*"
        }
    ]
}

您可以在https://awspolicygen.s3.amazonaws.com/policygen.html处使用策略生成器。

,

您为其生成访问密钥的IAM用户没有对要放入映像的s3存储桶的PUT访问权限。

对于与您的配置文件中指定的访问密钥相关联的用户,请转到IAM仪表板,并创建具有以下权限的新策略:

{
    "Version": "2012-10-17","Statement": [
        {
            "Effect": "Allow","Action": "s3:PutObject","Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
        }
    ]
}

要进一步将请求限制为仅来自ec2服务器的那些PUT请求,请转到ec2仪表板,保留静态ip地址,然后改用以下策略:

{
    "Version": "2012-10-17","Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*","Condition": {
                "IpAddress": {
                    "aws:SourceIp": "YOUR_STATIC_IP_ADDRESS/16"
                }
            }
        }
    ]
}

完成后,将新策略附加到IAM控制台中的用户。

,

您需要设置策略以允许您的IAM用户(示例中具有AWS_SECRET_ACCESS_KEY和AWS_ACCESS_KEY_ID的用户)上传数据。

该策略应如下所示:

{
   "Version":"2012-10-17","Statement":[
      {
         "Effect":"Allow","Action":[
            "s3:PutObject","s3:PutObjectAcl"
         ],"Principal": {
          "AWS": [
            "arn:aws:iam::123exampleaccountID:user/Jane"
          ]
         },"Resource":"arn:aws:s3:::acc-partner/*"
      }
   ]
}

这样做是为了让您的IAM用户(您应将arn:aws:iam::123exampleaccountID:user/Jane替换为IAM用户ARN)。

amazon-s3node.js
本文链接:https://www.f2er.com/3102486.html

大家都在问