我正在做一个直接上传S3的工作,并且我有这样宣布的批准职位:
@s3_direct_post = S3_BUCKET.presigned_post(key: "images/#{SecureRandom.uuid}/${filename}", success_action_status: '201', acl: 'public-read', allow_any: ['utf8', 'authenticity_token'])在开发环境中,它正确地构建了一切,我得到了这样的东西:
{"key"=>"images/1be59d13-9d65-4d70-b631-93834409f361/${filename}", "success_action_status"=>"201", "acl"=>"public-read", "policy"=>"<BASE_64_POLICY>", "x-amz-credential"=>"<MY_ACCESS_KEY>/20180505/us-east-1/s3/aws4_request", "x-amz-algorithm"=>"AWS4-HMAC-SHA256", "x-amz-date"=>"20180505T232823Z", "x-amz-signature"=>"<AMZ_SIGNATURE>"}但是当我把它推到Heroku后,我得到了这样的东西:
{"key"=>"images/1be59d13-9d65-4d70-b631-93834409f361/${filename}", "success_action_status"=>"201", "acl"=>"public-read", "policy"=>"<BASE_64_POLICY>", "x-amz-credential"=>"/20180505/us-east-1/s3/aws4_request", "x-amz-algorithm"=>"AWS4-HMAC-SHA256", "x-amz-date"=>"20180505T232823Z", "x-amz-signature"=>"<AMZ_SIGNATURE>"}现在我的访问密钥(AKID)不再存在,我得到这个错误:
<Error><Code>InvalidArgument</Code><Message>a non-empty Access Key (AKID) must be provided in the credential.</Message><ArgumentName>X-Amz-Credential</ArgumentName><ArgumentValue>/20180505/us-east-1/s3/aws4_request</ArgumentValue><RequestId>%REQUESTID%</RequestId><HostId>%HOSTID%</HostId></Error>我的AWS凭证在initalizers / aws.rb中声明,因此它们不依赖于环境类型。 什么可能造成这种情况?
编辑(显示我如何声明S3_BUCKET是一个常量,我在aws.rb中初始化):
Aws.config.update({ region: 'us-east-1', credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']) })
S3_BUCKET = Aws::S3::Resource.new.bucket(ENV['S3_BUCKET'])
此外,两个预先登记的对象之间的区别:
"x-amz-credential"=>"<MY_ACCESS_KEY>/20180505/us-east-1/s3/aws4_request"
"x-amz-credential"=>"/20180505/us-east-1/s3/aws4_request"
I am doing a direct to S3 upload, and I have the presigned post declared like this:
@s3_direct_post = S3_BUCKET.presigned_post(key: "images/#{SecureRandom.uuid}/${filename}", success_action_status: '201', acl: 'public-read', allow_any: ['utf8', 'authenticity_token'])When in the development environment, it builds everything correctly and I get something like this:
{"key"=>"images/1be59d13-9d65-4d70-b631-93834409f361/${filename}", "success_action_status"=>"201", "acl"=>"public-read", "policy"=>"<BASE_64_POLICY>", "x-amz-credential"=>"<MY_ACCESS_KEY>/20180505/us-east-1/s3/aws4_request", "x-amz-algorithm"=>"AWS4-HMAC-SHA256", "x-amz-date"=>"20180505T232823Z", "x-amz-signature"=>"<AMZ_SIGNATURE>"}But after I push it to Heroku, I get something like this:
{"key"=>"images/1be59d13-9d65-4d70-b631-93834409f361/${filename}", "success_action_status"=>"201", "acl"=>"public-read", "policy"=>"<BASE_64_POLICY>", "x-amz-credential"=>"/20180505/us-east-1/s3/aws4_request", "x-amz-algorithm"=>"AWS4-HMAC-SHA256", "x-amz-date"=>"20180505T232823Z", "x-amz-signature"=>"<AMZ_SIGNATURE>"}Now that my Access Key (AKID) is no longer there, I get this error:
<Error><Code>InvalidArgument</Code><Message>a non-empty Access Key (AKID) must be provided in the credential.</Message><ArgumentName>X-Amz-Credential</ArgumentName><ArgumentValue>/20180505/us-east-1/s3/aws4_request</ArgumentValue><RequestId>%REQUESTID%</RequestId><HostId>%HOSTID%</HostId></Error>My AWS credentials are declared in initalizers/aws.rb, so they are not dependent on the environment type. What could possibly be causing this?
Edit (showing how I declare the S3_BUCKET is a constant I initialize in aws.rb):
Aws.config.update({ region: 'us-east-1', credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']) })
S3_BUCKET = Aws::S3::Resource.new.bucket(ENV['S3_BUCKET'])
Also, the difference between the two presigned-post objects:
"x-amz-credential"=>"<MY_ACCESS_KEY>/20180505/us-east-1/s3/aws4_request"
"x-amz-credential"=>"/20180505/us-east-1/s3/aws4_request"
最满意答案
你不应该在你的git仓库中提交你的凭证,所以你应该确保在你的初始化程序中:
在config / initializers / credentials.rb中
AWS_ACCESS_KEY_ID = ENV['AWS_ACCESS_KEY_ID'] AWS_SECRET_ACCESS_KEY = ENV['AWS_SECRET_ACCESS_KEY']并使用heroku-cli在您的应用上配置您的凭证
heroku config:set AWS_ACCESS_KEY_ID=someLongHashKey AWS_SECRET_ACCESS_KEY=anotherLongHashKey --app my_app_name # see heroku config --help但是您的错误可能与AWS SDK Presigned Post Ruby有关
并参阅https://docs.aws.amazon.com/sdkforruby/api/Aws/S3/PresignedPost.html
如果这没有帮助,发布你如何定义Aws::S3::PresignedPost.new
最后,请仔细检查以确保您在heroku中正确设置了您的环境变量
heroku config --app my_app_name #use your actual app name of courseYou should not commit your credentials in your git repository so you should make sure in your initializer:
in config/initializers/credentials.rb
AWS_ACCESS_KEY_ID = ENV['AWS_ACCESS_KEY_ID'] AWS_SECRET_ACCESS_KEY = ENV['AWS_SECRET_ACCESS_KEY']And use heroku-cli to configure your credentials on your app
heroku config:set AWS_ACCESS_KEY_ID=someLongHashKey AWS_SECRET_ACCESS_KEY=anotherLongHashKey --app my_app_name # see heroku config --helpBut your error may have to do with AWS SDK Presigned Post Ruby
and see https://docs.aws.amazon.com/sdkforruby/api/Aws/S3/PresignedPost.html
If that doesn't help, post how you're defining Aws::S3::PresignedPost.new
Finally, double check to make sure you've set your environment variables correctly in heroku
heroku config --app my_app_name #use your actual app name of course更多推荐
发布评论