生成预签名 URL 以将对象上传到 S3 on Outposts 存储桶 - Amazon Simple Storage Service
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

生成预签名 URL 以将对象上传到 S3 on Outposts 存储桶

要授予对 Outpost 本地存储对象的限时访问权限而不更新存储桶策略,您可以使用预签名 URL。借助预签名 URL,作为存储桶的所有者,您可以与您虚拟私有云(VPC)中的个人共享对象,或者向其授予上传或删除对象的权限。

使用 Amazon SDK 或 Amazon Command Line Interface(Amazon CLI)创建预签名 URL 时,您会将该 URL 与某个特定的操作关联。您还可以通过选择自定义到期时间来授予对预签名 URL 的限时访问权限,自定义到期时间最短可为 1 秒,最长可为 7 天。共享预签名 URL 时,VPC 中的个人可以执行嵌入在 URL 中的操作,如同他们就是原始签名用户。URL 在到达其到期时间时将会过期,不再有效。

创建预签名 URL 时,必须提供您的安全凭证,然后指定以下内容:

  • 该 Amazon S3 on Outposts 存储桶的一个访问点 Amazon 资源名称(ARN)

  • 一个对象键

  • 一个 HTP 方法(PUT 用于上传对象)

  • 一个到期日期和时间

预签名 URL 仅在指定的有效期内有效。也就是说,您必须在到期日期和时间到达之前启动该 URL 允许的操作。在到期日期和时间到达之前,您可以多次使用预签名 URL。如果您已使用临时令牌创建预签名 URL,则此 URL 将在令牌过期时过期,即使创建的 URL 的到期时间更晚也是如此。

如果预签名 URL 允许的操作由多个步骤构成(例如分段上传),则必须在到期时间前启动所有步骤。如果 S3 on Outposts 尝试使用某个已过期的 URL 启动某个步骤,您将会遇到错误。

虚拟私有云(VPC)中有权访问预签名 URL 的用户可上传对象。例如,VPC 中有权访问预签名 URL 的用户可以将对象上传到您的存储桶。由于预签名 URL 将向 VPC 中有权访问预签名 URL 的任何用户授予访问 S3 on Outposts 存储桶的权限,我们建议您妥善保护这些 URL。有关保护预签名 URL 的更多详细信息,请参阅 限制预签名 URL 功能

具有有效安全凭证的任何人都可以创建预签名 URL。但必须由拥有执行预签名 URL 所基于的操作权限的人创建该预签名 URL。有关更多信息,请参阅谁可以创建预签名 URL

使用 Amazon SDK 为 S3 on Outposts 对象操作生成预签名 URL

Java
SDK for Java 2.x

此示例演示了如何生成一个预签名 URL,以便在限定时间内用于将对象上传到某个 S3 on Outposts 存储桶。有关更多信息,请参阅使用适用于 S3 on Outposts 的预签名 URL

public static void signBucket(S3Presigner presigner, String outpostAccessPointArn, String keyName) { try { PutObjectRequest objectRequest = PutObjectRequest.builder() .bucket(accessPointArn) .key(keyName) .contentType("text/plain") .build(); PutObjectPresignRequest presignRequest = PutObjectPresignRequest.builder() .signatureDuration(Duration.ofMinutes(10)) .putObjectRequest(objectRequest) .build(); PresignedPutObjectRequest presignedRequest = presigner.presignPutObject(presignRequest); String myURL = presignedRequest.url().toString(); System.out.println("Presigned URL to upload a file to: " +myURL); System.out.println("Which HTTP method must be used when uploading a file: " + presignedRequest.httpRequest().method()); // Upload content to the S3 on Outposts bucket by using this URL. URL url = presignedRequest.url(); // Create the connection and use it to upload the new object by using the presigned URL. HttpURLConnection connection = (HttpURLConnection) url.openConnection(); connection.setDoOutput(true); connection.setRequestProperty("Content-Type","text/plain"); connection.setRequestMethod("PUT"); OutputStreamWriter out = new OutputStreamWriter(connection.getOutputStream()); out.write("This text was uploaded as an object by using a presigned URL."); out.close(); connection.getResponseCode(); System.out.println("HTTP response code is " + connection.getResponseCode()); } catch (S3Exception e) { e.getStackTrace(); } catch (IOException e) { e.getStackTrace(); } }
Python
适用于 Python (Boto3) 的 SDK

此示例演示了如何生成可在限定时间内执行某个 S3 on Outposts 操作的预签名 URL。有关更多信息,请参阅使用适用于 S3 on Outposts 的预签名 URL。要使用该 URL 发出请求,请使用 Requests 程序包。

import argparse import logging import boto3 from botocore.exceptions import ClientError import requests logger = logging.getLogger(__name__) def generate_presigned_url(s3_client, client_method, method_parameters, expires_in): """ Generate a presigned S3 on Outposts URL that can be used to perform an action. :param s3_client: A Boto3 Amazon S3 client. :param client_method: The name of the client method that the URL performs. :param method_parameters: The parameters of the specified client method. :param expires_in: The number of seconds that the presigned URL is valid for. :return: The presigned URL. """ try: url = s3_client.generate_presigned_url( ClientMethod=client_method, Params=method_parameters, ExpiresIn=expires_in ) logger.info("Got presigned URL: %s", url) except ClientError: logger.exception( "Couldn't get a presigned URL for client method '%s'.", client_method) raise return url def usage_demo(): logging.basicConfig(level=logging.INFO, format='%(levelname)s: %(message)s') print('-'*88) print("Welcome to the Amazon S3 on Outposts presigned URL demo.") print('-'*88) parser = argparse.ArgumentParser() parser.add_argument('accessPointArn', help="The name of the S3 on Outposts access point ARN.") parser.add_argument( 'key', help="For a GET operation, the key of the object in S3 on Outposts. For a " "PUT operation, the name of a file to upload.") parser.add_argument( 'action', choices=('get', 'put'), help="The action to perform.") args = parser.parse_args() s3_client = boto3.client('s3') client_action = 'get_object' if args.action == 'get' else 'put_object' url = generate_presigned_url( s3_client, client_action, {'Bucket': args.accessPointArn, 'Key': args.key}, 1000) print("Using the Requests package to send a request to the URL.") response = None if args.action == 'get': response = requests.get(url) elif args.action == 'put': print("Putting data to the URL.") try: with open(args.key, 'r') as object_file: object_text = object_file.read() response = requests.put(url, data=object_text) except FileNotFoundError: print(f"Couldn't find {args.key}. For a PUT operation, the key must be the " f"name of a file that exists on your computer.") if response is not None: print("Got response:") print(f"Status: {response.status_code}") print(response.text) print('-'*88) if __name__ == '__main__': usage_demo()