AWS SDK在创建批注帖子时在X

AWS SDK在创建批注帖子时在X-Amz-Credential中不包括访问密钥（AKID），但仅限于Heroku(AWS SDK not including Access Key (AKID) in X-Amz-Credential when creating presigned post, but only on Heroku)

我正在做一个直接上传S3的工作，并且我有这样宣布的批准职位：

@s3_direct_post = S3_BUCKET.presigned_post(key: "images/#{SecureRandom.uuid}/${filename}", success_action_status: '201', acl: 'public-read', allow_any: ['utf8', 'authenticity_token'])

在开发环境中，它正确地构建了一切，我得到了这样的东西：

{"key"=>"images/1be59d13-9d65-4d70-b631-93834409f361/${filename}", "success_action_status"=>"201", "acl"=>"public-read", "policy"=>"<BASE_64_POLICY>", "x-amz-credential"=>"<MY_ACCESS_KEY>/20180505/us-east-1/s3/aws4_request", "x-amz-algorithm"=>"AWS4-HMAC-SHA256", "x-amz-date"=>"20180505T232823Z", "x-amz-signature"=>"<AMZ_SIGNATURE>"}

但是当我把它推到Heroku后，我得到了这样的东西：

{"key"=>"images/1be59d13-9d65-4d70-b631-93834409f361/${filename}", "success_action_status"=>"201", "acl"=>"public-read", "policy"=>"<BASE_64_POLICY>", "x-amz-credential"=>"/20180505/us-east-1/s3/aws4_request", "x-amz-algorithm"=>"AWS4-HMAC-SHA256", "x-amz-date"=>"20180505T232823Z", "x-amz-signature"=>"<AMZ_SIGNATURE>"}

现在我的访问密钥（AKID）不再存在，我得到这个错误：

<Error><Code>InvalidArgument</Code><Message>a non-empty Access Key (AKID) must be provided in the credential.</Message><ArgumentName>X-Amz-Credential</ArgumentName><ArgumentValue>/20180505/us-east-1/s3/aws4_request</ArgumentValue><RequestId>%REQUESTID%</RequestId><HostId>%HOSTID%</HostId></Error>

我的AWS凭证在initalizers / aws.rb中声明，因此它们不依赖于环境类型。 什么可能造成这种情况？

编辑（显示我如何声明S3_BUCKET是一个常量，我在aws.rb中初始化）：

Aws.config.update({ region: 'us-east-1', credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']) })

S3_BUCKET = Aws::S3::Resource.new.bucket(ENV['S3_BUCKET'])

此外，两个预先登记的对象之间的区别：

"x-amz-credential"=>"<MY_ACCESS_KEY>/20180505/us-east-1/s3/aws4_request"

"x-amz-credential"=>"/20180505/us-east-1/s3/aws4_request"

I am doing a direct to S3 upload, and I have the presigned post declared like this:

@s3_direct_post = S3_BUCKET.presigned_post(key: "images/#{SecureRandom.uuid}/${filename}", success_action_status: '201', acl: 'public-read', allow_any: ['utf8', 'authenticity_token'])

When in the development environment, it builds everything correctly and I get something like this:

{"key"=>"images/1be59d13-9d65-4d70-b631-93834409f361/${filename}", "success_action_status"=>"201", "acl"=>"public-read", "policy"=>"<BASE_64_POLICY>", "x-amz-credential"=>"<MY_ACCESS_KEY>/20180505/us-east-1/s3/aws4_request", "x-amz-algorithm"=>"AWS4-HMAC-SHA256", "x-amz-date"=>"20180505T232823Z", "x-amz-signature"=>"<AMZ_SIGNATURE>"}

But after I push it to Heroku, I get something like this:

{"key"=>"images/1be59d13-9d65-4d70-b631-93834409f361/${filename}", "success_action_status"=>"201", "acl"=>"public-read", "policy"=>"<BASE_64_POLICY>", "x-amz-credential"=>"/20180505/us-east-1/s3/aws4_request", "x-amz-algorithm"=>"AWS4-HMAC-SHA256", "x-amz-date"=>"20180505T232823Z", "x-amz-signature"=>"<AMZ_SIGNATURE>"}

Now that my Access Key (AKID) is no longer there, I get this error:

<Error><Code>InvalidArgument</Code><Message>a non-empty Access Key (AKID) must be provided in the credential.</Message><ArgumentName>X-Amz-Credential</ArgumentName><ArgumentValue>/20180505/us-east-1/s3/aws4_request</ArgumentValue><RequestId>%REQUESTID%</RequestId><HostId>%HOSTID%</HostId></Error>

My AWS credentials are declared in initalizers/aws.rb, so they are not dependent on the environment type. What could possibly be causing this?

Edit (showing how I declare the S3_BUCKET is a constant I initialize in aws.rb):

Aws.config.update({ region: 'us-east-1', credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']) })

S3_BUCKET = Aws::S3::Resource.new.bucket(ENV['S3_BUCKET'])

Also, the difference between the two presigned-post objects:

"x-amz-credential"=>"<MY_ACCESS_KEY>/20180505/us-east-1/s3/aws4_request"

"x-amz-credential"=>"/20180505/us-east-1/s3/aws4_request"

最满意答案

你不应该在你的git仓库中提交你的凭证，所以你应该确保在你的初始化程序中：

在config / initializers / credentials.rb中

AWS_ACCESS_KEY_ID = ENV['AWS_ACCESS_KEY_ID'] AWS_SECRET_ACCESS_KEY = ENV['AWS_SECRET_ACCESS_KEY']

并使用heroku-cli在您的应用上配置您的凭证

heroku config:set AWS_ACCESS_KEY_ID=someLongHashKey AWS_SECRET_ACCESS_KEY=anotherLongHashKey --app my_app_name # see heroku config --help

但是您的错误可能与AWS SDK Presigned Post Ruby有关

并参阅https://docs.aws.amazon.com/sdkforruby/api/Aws/S3/PresignedPost.html

如果这没有帮助，发布你如何定义Aws::S3::PresignedPost.new

最后，请仔细检查以确保您在heroku中正确设置了您的环境变量

heroku config --app my_app_name #use your actual app name of course

You should not commit your credentials in your git repository so you should make sure in your initializer:

in config/initializers/credentials.rb

AWS_ACCESS_KEY_ID = ENV['AWS_ACCESS_KEY_ID'] AWS_SECRET_ACCESS_KEY = ENV['AWS_SECRET_ACCESS_KEY']

And use heroku-cli to configure your credentials on your app

heroku config:set AWS_ACCESS_KEY_ID=someLongHashKey AWS_SECRET_ACCESS_KEY=anotherLongHashKey --app my_app_name # see heroku config --help

But your error may have to do with AWS SDK Presigned Post Ruby

and see https://docs.aws.amazon.com/sdkforruby/api/Aws/S3/PresignedPost.html

If that doesn't help, post how you're defining Aws::S3::PresignedPost.new

Finally, double check to make sure you've set your environment variables correctly in heroku

heroku config --app my_app_name #use your actual app name of course