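I have recently been developing and deploying applications on AWS.
After reading this article about working through the pitfalls of the AWS China region, and drawing on my own experience with AWS, I am adding two pitfalls that I had to work through myself.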
http://www.jianshu.com/p/0d0fd39a40c9?utm_source=tuicool&utm_medium=referral
1. V4 signature authentication
The example given in the official documentation:

import boto3

s3 = boto3.resource('s3')
s3.meta.client.upload_file('/tmp/hello.txt', 'mybucket', 'hello.txt')

Running it produces the following error:
An error occurred (InvalidRequest) when calling the GetBucketLifecycle operation: Missing required header for this request: x-amz-content-sha256
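I found the following explanation in the documentation. In short, AWS S3 is moving to Signature Version 4 authentication, especially for newly created servers in the Asia Pacific region.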
========================
Protect against reuse of the signed portions of the request – The signed portions (using AWS
Signatures) of requests are valid within 15 minutes of the timestamp in the request. An unauthorized
party who has access to a signed request can modify the unsigned portions of the request without
affecting the request's validity in the 15 minute window. Because of this, we recommend that you
maximize protection by signing request headers and body, making HTTPS requests to Amazon S3,
and by using the s3:x-amz-content-sha256 condition key (see Amazon S3 Signature Version 4
Authentication Specific Policy Keys (p. 50)) in AWS policies to require users to sign S3 request bodies.
Note
Amazon S3 supports Signature Version 4, a protocol for authenticating inbound API requests
to AWS services, in all AWS regions. At this time, AWS regions created before January 30, 2014
will continue to support the previous protocol, Signature Version 2. Any new regions after January
30, 2014 will support only Signature Version 4 and therefore all requests to those regions must
be made with Signature Version 4. For more information about AWS Signature Version 2, see
Signing and Authenticating REST Requests in the Amazon Simple Storage Service Developer
Guide.
======================
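Annoyingly, though, it does not say how to add this header.
Fortunately boto3 is a Python API, so I went straight to the source code for the answer.

import boto3
from botocore.client import Config

# Force Signature Version 4 for S3 requests
s3 = boto3.resource('s3', config=Config(signature_version='s3v4'))
s3.meta.client.upload_file('/tmp/hello.txt', 'mybucket', 'hello.txt')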
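The header named in the error carries the SHA-256 of the request body, and Signature Version 4 includes that value in what gets signed. The following is an added example, not code from the original post or from boto3: it computes a SigV4 signature for a PUT with the standard library and shows that a signed body hash binds the body to the signature, while UNSIGNED-PAYLOAD does not. The secret key, host, date and the server_accepts helper (a simplified model of the server-side check) are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not real credentials, buckets or timestamps).
SECRET_KEY = "EXAMPLE-SECRET-KEY-NOT-REAL"
REGION = "ap-northeast-2"
HOST = "mybucket.s3.ap-northeast-2.amazonaws.com"
AMZ_DATE = "20160101T000000Z"


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def content_sha256(body: bytes, sign_body: bool = True) -> str:
    """Value sent in the x-amz-content-sha256 header."""
    return hashlib.sha256(body).hexdigest() if sign_body else "UNSIGNED-PAYLOAD"


def sigv4_signature(method: str, path: str, payload_hash: str) -> str:
    """SigV4 signature for an S3 request that has no query string."""
    headers = {
        "host": HOST,
        "x-amz-content-sha256": payload_hash,
        "x-amz-date": AMZ_DATE,
    }
    signed_headers = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    canonical_request = "\n".join(
        [method, path, "", canonical_headers, signed_headers, payload_hash]
    )
    date = AMZ_DATE[:8]
    scope = f"{date}/{REGION}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", AMZ_DATE, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Derive the signing key: date -> region -> service -> "aws4_request".
    key = ("AWS4" + SECRET_KEY).encode()
    for part in (date, REGION, "s3", "aws4_request"):
        key = _hmac(key, part)
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()


def server_accepts(body: bytes, claimed_hash: str, signature: str) -> bool:
    """Hypothetical server check: verify the body hash (if signed), then the signature."""
    if claimed_hash != "UNSIGNED-PAYLOAD" and claimed_hash != content_sha256(body):
        return False
    expected = sigv4_signature("PUT", "/hello.txt", claimed_hash)
    return hmac.compare_digest(expected, signature)
```

With a signed body hash, a body changed in transit is rejected; with UNSIGNED-PAYLOAD the same signature still verifies, which is why the quoted documentation recommends the s3:x-amz-content-sha256 condition key.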
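2. Region naming
Anyone who has used AWS knows that you have to choose the region where your servers are located.
However, the boto documentation does not provide a mapping between region names and region codes.
For example, if you choose Asia Pacific (Seoul) but set region to 'Seoul', you get an "access abort" error.
To set the region, refer to the table below.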
AWS region reference table
Region code | Region name
us-east-1 | US East (N. Virginia)
us-west-1 | US West (N. California)
us-west-2 | US West (Oregon)
ap-northeast-1 | Asia Pacific (Tokyo)
ap-southeast-1 | Asia Pacific (Singapore)
ap-southeast-2 | Asia Pacific (Sydney)
ap-northeast-2 | Asia Pacific (Seoul)
eu-west-1 | EU (Ireland)
eu-central-1 | EU (Frankfurt)
sa-east-1 | South America (Sao Paulo)
cn-north-1 | China (Beijing)