Fel*_*ell 5 amazon-s3 amazon-web-services amazon-ecs amazon-vpc aws-sdk-nodejs
我一直在尝试为在 ECS 中运行的 web 应用程序设置简单的 S3 图像上传功能。ECS 集群是由系统管理员设置的,我不再获得帮助,但每个上传请求都会返回此错误:
{ AccessDenied: Access Denied
at Request.extractError (/www/node_modules/aws-sdk/lib/services/s3.js:585:35)
at Request.callListeners (/www/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/www/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/www/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/www/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/www/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /www/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/www/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/www/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/www/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
at Request.emit (/www/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/www/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/www/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/www/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /www/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/www/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/www/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/www/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
at callNextListener (/www/node_modules/aws-sdk/lib/sequential_executor.js:96:12)
at IncomingMessage.onEnd (/www/node_modules/aws-sdk/lib/event_listeners.js:299:13)
at ZoneDelegate.invokeTask (/www/node_modules/zone.js/dist/zone-node.js:423:31)
at Zone.runTask (/www/node_modules/zone.js/dist/zone-node.js:195:47)
message: 'Access Denied',
code: 'AccessDenied',
region: null,
time: 2019-07-25T20:59:24.717Z,
requestId: '5E0BB7DDFAF2013F',
extendedRequestId:
'UAFzo69NlfPqSIXKUUIrpvBqdj97v/xMfOxdbRfFK2rLuO06Sb/zmjTxA5/beimDuEEaq53ntdk=',
cfId: undefined,
statusCode: 403,
retryable: false,
retryDelay: 70.57095033673187 }
发出请求的代码是:
import S3 = require('aws-sdk/clients/s3');
config.update({ region: 'us-west-2' });
const s3 = new S3();
...
private async handleLogoUpload(id: string, dto: UpdateCustomerDto): Promise<string> {
const filePath = `${TMP_DIR}/${dto.logoUrl[0].name}`;
const logoFile = await readAsync(filePath);
const uploadData = await s3.upload({
Key: id, Bucket: 'sm-logo', Body: logoFile, ACL: 'public-read',
}).promise();
return deleteAsync(filePath).then(() => uploadData.Location);
}
我已经尝试了本文中的所有内容:https://aws.amazon.com/premiumsupport/knowledge-center/s3-403-upload-bucket/
ECS实例任务执行角色具有以下策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "*"
}
]
}
Bucket本身具有公共读/写权限。
我将 S3 的端点添加到了 VPC。
VPC 允许所有出站流量,并且 VPC 上的另一个容器可以毫无问题地访问 S3。
我已经无计可施了。我上面尝试过的任何方法都不起作用,而且我似乎找不到其他有类似问题的人。它在本地工作,所以我认为这是一个网络问题,但我不知所措。
默认情况下,Amazon S3 阻止公共访问 \xe2\x80\x93 为您的账户和存储桶提供另一层保护 | AWS 新闻博客将阻止存储桶和对象被公开访问。
\n\n您可以有选择地关闭此功能以允许:
\n\n仅当您同意所有内容(或子目录)可公开访问时才使用存储桶策略。
\n\n它在 AWS CLI 中运行的原因是它没有指定--acl public-read. 但是,当代码指定ACL: \'public-read\',请求被阻止。
因此,您应该关闭这些选项:
\n\n| 归档时间: |
|
| 查看次数: |
5482 次 |
| 最近记录: |