403 Forbidden when uploading via presigned_url
I get a 403 error when uploading to the generated URL.
First, I ran s3.generate_presigned_post locally
temp = s3.generate_presigned_post(
"my-resource-bucket-v","test"
)
and got the url and fields
{'url': 'https://my-resource-bucket-v.s3.amazonaws.com/', 'fields': {'key': 'test', 'AWSAccessKeyId': 'AKIAZ3YPMLASV6736UA4', 'policy': 'eyJleHBpcmF0aW9uIjogIjIwMjItMDUtMDlUMDY6MDU6MTNaIiwgImNvbmRpdGlvbnMiOiBbeyJidWNrZXQiOiAic2kyLXMzLXNidS1qb2ItaHVudGluZy1keC10b2t5by1qeGMtc3RhdGljLXJlc291cmNlLXYifSwgeyJrZXkiOiAidGVzdCJ9XX0=', 'signature': 'F7E074YWIVwy4ZL2zXSv8YVTbyE='}}
then I try to upload as follows
curl -v -X POST \
-F key="{'key': 'test', 'AWSAccessKeyId': 'AKIAZ3YPMLASV6736UA4', 'policy': 'eyJleHBpcmF0aW9uIjogIjIwMjItMDUtMDlUMDY6MTE6MjhaIiwgImNvbmRpdGlvbnMiOiBbeyJidWNrZXQiOiAic2kyLXMzLXNidS1qb2ItaHVudGluZy1keC10b2t5by1qeGMtc3RhdGljLXJlc291cmNlLXYifSwgeyJrZXkiOiAidGVzdCJ9XX0=', 'signature': 'GNUthYj0cec9uIQjeJsuap7OTfk='}" \
-F policy="{'key': 'test', 'AWSAccessKeyId': 'AKIAZ3YPMLASV6736UA4', 'policy': 'eyJleHBpcmF0aW9uIjogIjIwMjItMDUtMDlUMDY6MTE6MjhaIiwgImNvbmRpdGlvbnMiOiBbeyJidWNrZXQiOiAic2kyLXMzLXNidS1qb2ItaHVudGluZy1keC10b2t5by1qeGMtc3RhdGljLXJlc291cmNlLXYifSwgeyJrZXkiOiAidGVzdCJ9XX0=', 'signature': 'GNUthYj0cec9uIQjeJsuap7OTfk='}" \
-F file=myimage.png https://my-resource-bucket-v/
This is what is returned.
It looks like the upload succeeds but is forbidden by auth?
I think the S3 bucket policy has nothing to do with presigned_url, so where does the permission error occur?
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 52.219.196.109:443...
* Connected to my-resource-bucket-v.s3.amazonaws.com (52.219.196.109) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=*.s3.amazonaws.com
* start date: Dec 15 00:00:00 2021 GMT
* expire date: Dec 3 23:59:59 2022 GMT
* subjectAltName: host "my-resource-bucket-v.s3.amazonaws.com" matched cert's "*.s3.amazonaws.com"
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
> POST / HTTP/1.1
> Host: my-resource-bucket-v.s3.amazonaws.com
> User-Agent: curl/7.77.0
> Accept: */*
> Content-Length: 941
> Content-Type: multipart/form-data; boundary=------------------------5a06682e8a44d108
>
* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< x-amz-request-id: TBGPSXDQGM1JRAKV
< x-amz-id-2: NPU+clavFOAAUKCsc0wVb2Bi1Aeh86ce+k8J4vq6YSv+SCLC4bAzWSdbcgzhcYObU765goqg/Jw=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Mon, 09 May 2022 05:17:55 GMT
< Server: AmazonS3
<
<?xml version="1.0" encoding="UTF-8"?>
* Connection #0 to host my-resource-bucket-v.s3.amazonaws.com left intact
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>TBGPSXDQGM1JRAKV</RequestId><HostId>NPU+clavFOAAUKCsc0wVb2Bi1Aeh86ce+k8J4vq6YSv+SCLC4bAzWSdbcgzhcYObU765goqg/Jw=</HostId></Error>%
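An added example, not part of the original post: S3 expects every entry of the `fields` dict returned by `generate_presigned_post` as its own form field with exactly the returned value, and the file part last. This pre-flight check compares a form with the presigned data and with the exact-match conditions in the signed policy; the sample response, bucket name and function names are constructed for illustration.

```python
import base64
import json

def sample_presigned_post():
    # Constructed stand-in for the dict s3.generate_presigned_post returns.
    policy = {"expiration": "2030-01-01T00:00:00Z",
              "conditions": [{"bucket": "example-bucket"}, {"key": "test"}]}
    return {"url": "https://example-bucket.s3.amazonaws.com/",
            "fields": {"key": "test",
                       "AWSAccessKeyId": "AKIAEXAMPLEEXAMPLE00",
                       "policy": base64.b64encode(json.dumps(policy).encode()).decode(),
                       "signature": "CONSTRUCTED-SIGNATURE="}}

def check_post_form(presigned, form):
    """Compare an ordered list of (name, value) form fields with the presigned data."""
    problems, sent = [], dict(form)
    for name, expected in presigned["fields"].items():
        if name not in sent:
            problems.append(f"missing field: {name}")
        elif sent[name] != expected:
            problems.append(f"field {name} differs from presigned value")
    names = [name for name, _ in form]
    if "file" not in names:
        problems.append("missing field: file")
    elif names[-1] != "file":
        problems.append("file must be the last form field")
    # The signed policy lists what the form must contain; check exact-match conditions.
    policy = json.loads(base64.b64decode(presigned["fields"]["policy"]))
    for cond in policy["conditions"]:
        if isinstance(cond, dict):
            for name, value in cond.items():
                if name != "bucket" and sent.get(name) != value:
                    problems.append(f"policy condition not met: {name}")
    return problems

def form_as_in_question(presigned):
    # Mirrors the curl call in the post: the whole fields dict as the value of two fields.
    blob = str(presigned["fields"])
    return [("key", blob), ("policy", blob), ("file", "myimage.png")]

def form_field_by_field(presigned):
    # One form field per entry of fields, file part last.
    return list(presigned["fields"].items()) + [("file", "myimage.png")]

if __name__ == "__main__":
    p = sample_presigned_post()
    for problem in check_post_form(p, form_as_in_question(p)):
        print(problem)
```

With curl, the field-by-field form corresponds to one `-F name=value` per entry of `fields`, followed by `-F file=@myimage.png`; without the `@`, curl sends the literal string instead of the file contents.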