php 在 AWS 上执行“PutObject”时出错,上传失败
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/34455410/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Error executing "PutObject" on AWS, upload fails
提问by LenB
I have established an AWS acct. and am trying to do my first programmatic PUT into S3. I have used the console to create a bucket and put things there. I have also created a subdirectory (myFolder) and made it public. I created my .aws/credentials file and have tried using the sample codes but I get the following error:
我已经建立了一个 AWS 账户。并且正在尝试将我的第一个程序化 PUT 放入 S3。我使用控制台创建了一个存储桶并将东西放在那里。我还创建了一个子目录 (myFolder) 并将其设为公开。我创建了 .aws/credentials 文件并尝试使用示例代码,但出现以下错误:
Error executing "PutObject" on "https://s3.amazonaws.com/gps-photo.org/mykey.txt"; AWS HTTP error: Client error:
PUT https://s3.amazonaws.com/gps-photo.org/mykey.txtresulted in a403 Forbiddenresponse:AccessDeniedAccess DeniedFC49CD (truncated...) AccessDenied (client): Access Denied -AccessDeniedAccess DeniedFC49CD15567FB9CD1GTYxjzzzhcL+YyYsuYRx4UgV9wzTCQJX6N4jMWwA39PFaDkK2B9R+FZf8GVM6VvMXfLyI/4abo=
在“ https://s3.amazonaws.com/gps-photo.org/mykey.txt”上执行“PutObject”时出错;AWS HTTP 错误:客户端错误:
PUT https://s3.amazonaws.com/gps-photo.org/mykey.txt导致403 Forbidden响应AccessDenied:访问被拒绝FC49CD(截断...)访问被拒绝(客户端):访问被拒绝 -AccessDenied访问被拒绝 FC49CD15567FB9CD1GTYxjzzzhcL+YyYsuYRx4UgV9wzTCQJX6N4jMWwA39PFaDkKFMX4B9FVM=
My code is
我的代码是
<?php
// Include the AWS SDK using the Composer autoloader.
require '/home/berman/vendor/autoload.php';
use Aws\S3\S3Client;
use Aws\S3\Exception\S3Exception;
$bucket = 'gps-photo.org';
$keyname = 'my-object-key';
// Instantiate the client.
$s3 = S3Client::factory(array(
'profile' => 'default',
'region' => 'us-east-1',
'version' => '2006-03-01'
));
try {
// Upload data.
$result = $s3->putObject(array(
'Bucket' => $bucket,
'Key' => "myFolder/$keyname",
'Body' => 'Hello, world!',
'ACL' => 'public-read'
));
// Print the URL to the object.
echo $result['ObjectURL'] . "\n";
} catch (S3Exception $e) {
echo $e->getMessage() . "\n";
}
If anyone can help me out, that would be great. Thanks. --Len
如果有人可以帮助我,那就太好了。谢谢。--莱恩
回答by Braden Boggs
It looks like the same issue I ran into. Add a AmazonS3FullAccess policy to your AWS account.
看起来和我遇到的问题一样。将 AmazonS3FullAccess 策略添加到您的 AWS 账户。
- Log into AWS.
- Under Services select IAM.
- Select Users > [Your User]
- Open Permissoins Tab
- Attach the AmazonS3FullAccess policy to the account
- 登录 AWS。
- 在服务下选择 IAM。
- 选择用户 > [您的用户]
- 打开权限选项卡
- 将 AmazonS3FullAccess 策略附加到账户
回答by iRviNe48
I facing same problem and found the solution as below.
我面临同样的问题,并找到了如下解决方案。
remove line
删除线
'ACL' => 'public-read'
'ACL' => '公开阅读'
default permission with list, read, and write but without permission for change object specific permission (PutObjectAcl in AWS policy).
具有列表、读取和写入的默认权限,但没有更改对象特定权限的权限(AWS 策略中的 PutObjectAcl)。
回答by MrG
Braden's approach will work, but it is dangerous. The user will have full access to all your S3 buckets and the ability to log into the console. If the credentials used in the site are compromised, well...
布雷登的方法会奏效,但很危险。用户将拥有对所有 S3 存储桶的完全访问权限并能够登录到控制台。如果站点中使用的凭据遭到破坏,那么...
A safer approach is:
更安全的方法是:
- AWS Console -> IAM -> Policies -> Create policy
- Service = S3
- Actions = (only the minimum required, e.g. List and Read)
- Resources -> Specific -> bucket -> Add ARN (put the ARN of only the buckets needed)
- Resources -> Specific -> object -> check Any or put the ARN's of specific objects
- Review and Save to create policy
- AWS Console -> IAM -> Users -> Add user
- Access type -> check "Programmatic access" only
- Next:Permissions -> Attach existing policies directly
- Search and select your newly created policy
- Review and save to create user
- AWS 控制台 -> IAM -> 策略 -> 创建策略
- 服务 = S3
- Actions =(仅最低要求,例如 List 和 Read)
- Resources -> Specific -> bucket -> Add ARN(只放需要的bucket的ARN)
- 资源 -> 特定 -> 对象 -> 检查 Any 或放置特定对象的 ARN
- 查看并保存以创建策略
- AWS 控制台 -> IAM -> 用户 -> 添加用户
- 访问类型 -> 仅选中“程序访问”
- 下一篇:权限 -> 直接附加现有策略
- 搜索并选择您新创建的策略
- 查看并保存以创建用户
In this way you will have a user with only the needed access.
通过这种方式,您将拥有一个仅具有所需访问权限的用户。
回答by Denault
The 403 suggests that your key is incorrect, or the path to key is not correct. Have you verified that the package is loading the correct key in /myFolder/$keyname?
403 提示您的密钥不正确,或者密钥的路径不正确。您是否已验证该包是否加载了正确的密钥/myFolder/$keyname?
Might be helpful to try something simpler (instead of worrying about upload filetypes, paths, permissions, etc.) to debug.
尝试一些更简单的东西(而不是担心上传文件类型、路径、权限等)来调试可能会有所帮助。
$result = $client->listBuckets();
foreach ($result['Buckets'] as $bucket) {
// Each Bucket value will contain a Name and CreationDate
echo "{$bucket['Name']} - {$bucket['CreationDate']}\n";
}
Taken from http://docs.aws.amazon.com/aws-sdk-php/v2/guide/service-s3.htmlAlso check out the service builder there.
取自http://docs.aws.amazon.com/aws-sdk-php/v2/guide/service-s3.html还要查看那里的服务构建器。
回答by LenB
The problem was a lack of permissions on the bucket themselves once I added those everything worked fine.
问题是一旦我添加了那些一切正常的存储桶本身就缺乏权限。
回答by JPaulino
Assuming that you have all the required permissions, if you are getting this error, but are still able to upload, check the bucket permissions section under your bucket, and try disabling (uncheck) "Block all public access," and see if you still get the error. You can enable this option again if you want to.
假设您拥有所有必需的权限,如果您收到此错误,但仍然可以上传,请检查您的存储桶下的存储桶权限部分,并尝试禁用(取消选中)“阻止所有公共访问”,看看您是否仍然得到错误。如果需要,您可以再次启用此选项。
This is an extra security setting/policy that AWS adds to prevent changing the object permissions.
If your app gives you problems or generates the warning, first look at the code and see if you are trying to change any permissions (which you may not want to). You can also customize these settings to better suit your needs.
这是 AWS 添加的一项额外安全设置/策略,以防止更改对象权限。如果您的应用程序给您带来问题或产生警告,请首先查看代码并查看您是否正在尝试更改任何权限(您可能不希望这样做)。您还可以自定义这些设置以更好地满足您的需求。
Again, you can customize this settings by clicking your S3 bucket, permissions/ edit.
同样,您可以通过单击您的 S3 存储桶、权限/编辑来自定义此设置。
回答by ace.spades
I got the same error issue. Project is laravel vue, I'm uploading file using axios to s3.
我遇到了同样的错误问题。项目是laravel vue,我正在使用axios将文件上传到s3。
I'm using vagrant homestead as my server. Turns out the time on the virtual box server is not correct. I had to update it with the correct UTC time. After updating to correct time which I took from the s3 error it worked fine.
我使用 vagrant homestead 作为我的服务器。原来虚拟机服务器上的时间不正确。我必须用正确的 UTC 时间更新它。更新到我从 s3 错误中获取的正确时间后,它运行良好。
Error: I have removed sensitive information
错误:我已删除敏感信息
message: "Error executing "PutObject" on "https://url"; AWS HTTP error: Client error: `PUT https://url` resulted in a `403 Forbidden` response:?<?xml version="1.0" encoding="UTF-8"?>?<Error><Code>RequestTimeTooSkewed</Code><Message>The difference between the reque (truncated...)? RequestTimeTooSkewed (client): The difference between the request time and the current time is too large. - <?xml version="1.0" encoding="UTF-8"?>?<Error><Code>RequestTimeTooSkewed</Code><Message>The difference between the request time and the current time is too large.</Message><RequestTime>20190225T234631Z</RequestTime><ServerTime>2019-02-25T15:47:39Z</ServerTime><MaxAllowedSkewMilliseconds>900000</MaxAllowedSkewMilliseconds><RequestId>-----</RequestId><HostId>----</HostId></Error>"
Before:
前:
vagrant@homestead:~$ date
Wed Feb 20 19:13:34 UTC 2019
After:
后:
vagrant@homestead:~$ date
Mon Feb 25 15:47:01 UTC 2019
