过去几个小时我一直在尝试设置从 S3 到我的谷歌存储桶的传输。
创建传输时,我不断收到的错误是:“访问密钥无效。请确保 S3 存储桶的访问密钥正确,或将存储桶权限设置为授予所有人。”
访问密钥和秘密都是正确的,因为它们当前在生产中用于 S3 完全访问。
有几点需要注意:
- 在 S3 存储桶上启用了 CORS
- 存储桶策略仅允许经过身份验证的 AWS 用户列出/查看其内容
- S3 需要签名 URL 才能访问
存储桶政策:
{
"Version": "2008-10-17",
"Id": "Policy234234234",
"Statement": [
{
"Sid": "Stmt234234",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:AbortMultipartUpload",
"s3:GetObjectAcl",
"s3:RestoreObject",
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObjectVersionAcl",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:PutObject",
"s3:GetObjectVersionAcl"
],
"Resource": "arn:aws:s3:::mybucket/*"
},
{
"Sid": "2",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity xyzmatey"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::mybucket/*"
},
{
"Sid": "3",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::mybucket"
}
]
}
CORS 政策
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>http://www.mywebsite.com</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedHeader>AUTHORIZATION</AllowedHeader>
</CORSRule>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>HEAD</AllowedMethod>
<AllowedHeader>AUTHORIZATION</AllowedHeader>
</CORSRule>
</CORSConfiguration>
知道我哪里出错了吗?
编辑:我已经设置了gsutil
工具在谷歌计算实例上,并在确切的存储桶上使用相同的AWS密钥进行了复制。工作起来就像一个魅力..