csc*_*can 7 amazon-s3 amazon-web-services amazon-iam
我有一个 lambda 尝试将一个对象放入 S3 存储桶中。
配置s3客户端的代码如下:
const configuration: S3ClientConfig = {
region: 'us-west-2',
};
if (process.env.DEVELOPMENT_MODE) {
configuration.credentials = {
accessKeyId: process.env.AWS_ACCESS_KEY!,
secretAccessKey: process.env.AWS_SECRET_KEY!,
}
}
export const s3 = new S3Client(configuration);
上传文件的代码如下:
s3.send(new PutObjectCommand({
Bucket: bucketName,
Key: fileName,
ContentType: contentType,
Body: body,
}))
这在本地有效。lambda 的角色包括一个策略,该策略又包含以下语句:
{
"Action": [
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::BUCKET_NAME/*"
],
"Effect": "Allow"
}
但是,当我调用此 lambda 时,它会失败并显示以下堆栈跟踪
Error: Resolved credential object is not valid
at SignatureV4.validateResolvedCredentials (webpack://backend/../node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@aws-sdk/signature-v4/dist-es/SignatureV4.js?:307:19)
at SignatureV4.eval (webpack://backend/../node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@aws-sdk/signature-v4/dist-es/SignatureV4.js?:50:30)
at step (webpack://backend/../node_modules/tslib/tslib.es6.js?:130:23)
at Object.eval [as next] (webpack://backend/../node_modules/tslib/tslib.es6.js?:111:53)
at fulfilled (webpack://backend/../node_modules/tslib/tslib.es6.js?:101:58)
我正在使用(当前)最新的 javascript aws sdk,版本 3.165.0。我在这里缺少什么?
问题是我试图从环境变量加载配置凭证,而不是依赖 IAM 角色。结果process.env.DEVELOPMENT_MODE是解析为 string'true'而不是 boolean true。
if (process.env.DEVELOPMENT_MODE === 'true') {
configuration.credentials = {
accessKeyId: process.env.AWS_ACCESS_KEY!,
secretAccessKey: process.env.AWS_SECRET_KEY!,
}
}
| 归档时间: |
|
| 查看次数: |
8406 次 |
| 最近记录: |