Generating a presigned URL to upload an object to an S3 on Outposts bucket - Amazon S3 on Outposts

Generating a presigned URL to upload an object to an S3 on Outposts bucket

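To grant time-limited access to objects that are stored locally on an Outpost without updating your bucket policy, you can use a presigned URL. With presigned URLs, you as the bucket owner can share objects with individuals in your virtual private cloud (VPC) or grant them the ability to upload or delete objects.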

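When you create a presigned URL by using the AWS SDKs or the AWS Command Line Interface (AWS CLI), you can associate the URL with a specific action. You can also grant time-limited access to the presigned URL by choosing a custom expiration time (minimum 1 second, maximum 7 days). When you share the presigned URL, the individual in the VPC can perform the action embedded in the URL as if they were the original signing user. When the URL reaches its expiration time, the URL expires and no longer works.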

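When you create a presigned URL, you must provide your security credentials, and then specify the following:

  • An access point Amazon Resource Name (ARN) for the Amazon S3 on Outposts bucket

  • An object key

  • An HTTP method (PUT for uploading objects)

  • An expiration date and time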

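A presigned URL is valid only for the specified duration. That is, you must start the action that the URL allows before the expiration date and time. You can use a presigned URL multiple times, up to the expiration date and time. If you created the presigned URL by using a temporary token, the URL expires when the token expires, even if you created the URL with a later expiration time.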

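If the action that a presigned URL allows consists of multiple steps (such as a multipart upload), you must start all steps before the expiration time. If S3 on Outposts tries to start a step with an expired URL, you receive an error.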

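Users in the virtual private cloud (VPC) who have access to the presigned URL can upload objects. For example, a user in the VPC who has access to the presigned URL can upload an object to your bucket. Because presigned URLs grant access to your S3 on Outposts bucket to any user in the VPC who has access to the presigned URL, we recommend that you protect these URLs appropriately. For more details about protecting presigned URLs, see Limiting presigned URL capabilities.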
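One way to audit a presigned URL before sharing or logging it, written for this page as an added example (it is not part of the AWS documentation or SDK samples). It assumes the URL carries the standard Signature Version 4 query parameters; the function name `inspect_presigned_url`, the host, and all sample values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MAX_EXPIRES = 7 * 24 * 3600  # upper bound stated on this page: 7 days
SECRET_PARAMS = {"X-Amz-Signature", "X-Amz-Security-Token"}

# Constructed sample URL: placeholder host, key ID, token and signature.
SAMPLE_URL = (
    "https://outposts-access-point.example/uploads/report.txt"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=ASIAEXAMPLE%2F20240101%2Fus-west-2%2Fs3-outposts%2Faws4_request"
    "&X-Amz-Date=20240101T120000Z&X-Amz-Expires=600"
    "&X-Amz-SignedHeaders=host"
    "&X-Amz-Security-Token=EXAMPLETOKEN"
    "&X-Amz-Signature=0123abcd"
)


def inspect_presigned_url(url, now=None):
    """Return expiry facts and a log-safe copy of a SigV4 presigned URL."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    params = dict(pairs)
    for name in ("X-Amz-Date", "X-Amz-Expires", "X-Amz-Signature"):
        if name not in params:
            raise ValueError(f"not a SigV4 presigned URL: missing {name}")

    signed_at = datetime.strptime(
        params["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    lifetime = int(params["X-Amz-Expires"])
    expires_at = signed_at + timedelta(seconds=lifetime)

    # Replace the values that let a holder of the URL act as the signer.
    redacted = [(k, "REDACTED" if k in SECRET_PARAMS else v) for k, v in pairs]
    return {
        "expires_at": expires_at,  # upper bound only if a temporary token signed it
        "expired": now >= expires_at,
        "lifetime_ok": 1 <= lifetime <= MAX_EXPIRES,
        "temporary_credentials": "X-Amz-Security-Token" in params,
        "log_safe_url": urlunsplit(parts._replace(query=urlencode(redacted))),
    }
```

When `temporary_credentials` is true, the URL stops working when the token expires, which can be earlier than `expires_at`.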

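Anyone with valid security credentials can create a presigned URL. However, the presigned URL must be created by someone who has permission to perform the operation that the presigned URL is based on. For more information, see Who can create a presigned URL.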

Using the AWS SDKs to generate a presigned URL for an S3 on Outposts object operation

Java
SDK for Java 2.x

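This example shows how to generate a presigned URL that you can use for a limited time to upload an object to an S3 on Outposts bucket. For more information, see Working with presigned URLs for S3 on Outposts.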

    import java.io.IOException;
    import java.io.OutputStreamWriter;
    import java.net.HttpURLConnection;
    import java.net.URL;
    import java.time.Duration;
    import software.amazon.awssdk.services.s3.model.PutObjectRequest;
    import software.amazon.awssdk.services.s3.model.S3Exception;
    import software.amazon.awssdk.services.s3.presigner.S3Presigner;
    import software.amazon.awssdk.services.s3.presigner.model.PresignedPutObjectRequest;
    import software.amazon.awssdk.services.s3.presigner.model.PutObjectPresignRequest;

    public static void signBucket(S3Presigner presigner, String outpostAccessPointArn, String keyName) {

        try {
            // For S3 on Outposts, the access point ARN is passed as the bucket.
            PutObjectRequest objectRequest = PutObjectRequest.builder()
                    .bucket(outpostAccessPointArn)
                    .key(keyName)
                    .contentType("text/plain")
                    .build();

            // The presigned URL is valid for 10 minutes.
            PutObjectPresignRequest presignRequest = PutObjectPresignRequest.builder()
                    .signatureDuration(Duration.ofMinutes(10))
                    .putObjectRequest(objectRequest)
                    .build();

            PresignedPutObjectRequest presignedRequest = presigner.presignPutObject(presignRequest);

            String myURL = presignedRequest.url().toString();
            System.out.println("Presigned URL to upload a file to: " + myURL);
            System.out.println("Which HTTP method must be used when uploading a file: " +
                    presignedRequest.httpRequest().method());

            // Upload content to the S3 on Outposts bucket by using this URL.
            URL url = presignedRequest.url();

            // Create the connection and use it to upload the new object by using the presigned URL.
            HttpURLConnection connection = (HttpURLConnection) url.openConnection();
            connection.setDoOutput(true);
            // The Content-Type must match the value that was signed above.
            connection.setRequestProperty("Content-Type", "text/plain");
            connection.setRequestMethod("PUT");
            OutputStreamWriter out = new OutputStreamWriter(connection.getOutputStream());
            out.write("This text was uploaded as an object by using a presigned URL.");
            out.close();

            System.out.println("HTTP response code is " + connection.getResponseCode());

        } catch (S3Exception e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

Python
SDK for Python (Boto3)

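This example shows how to generate a presigned URL that can perform an S3 on Outposts action for a limited time. For more information, see Working with presigned URLs for S3 on Outposts. To make a request with the URL, use the Requests package.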

    import argparse
    import logging

    import boto3
    from botocore.exceptions import ClientError
    import requests

    logger = logging.getLogger(__name__)


    def generate_presigned_url(s3_client, client_method, method_parameters, expires_in):
        """
        Generate a presigned S3 on Outposts URL that can be used to perform an action.

        :param s3_client: A Boto3 Amazon S3 client.
        :param client_method: The name of the client method that the URL performs.
        :param method_parameters: The parameters of the specified client method.
        :param expires_in: The number of seconds that the presigned URL is valid for.
        :return: The presigned URL.
        """
        try:
            url = s3_client.generate_presigned_url(
                ClientMethod=client_method,
                Params=method_parameters,
                ExpiresIn=expires_in
            )
            # The demo logs the full URL, signature included; anyone who can read
            # this log line can use the URL until it expires.
            logger.info("Got presigned URL: %s", url)
        except ClientError:
            logger.exception(
                "Couldn't get a presigned URL for client method '%s'.", client_method)
            raise
        return url


    def usage_demo():
        logging.basicConfig(level=logging.INFO, format='%(levelname)s: %(message)s')

        print('-'*88)
        print("Welcome to the Amazon S3 on Outposts presigned URL demo.")
        print('-'*88)

        parser = argparse.ArgumentParser()
        parser.add_argument('accessPointArn', help="The name of the S3 on Outposts access point ARN.")
        parser.add_argument(
            'key', help="For a GET operation, the key of the object in S3 on Outposts. For a "
                        "PUT operation, the name of a file to upload.")
        parser.add_argument(
            'action', choices=('get', 'put'), help="The action to perform.")
        args = parser.parse_args()

        s3_client = boto3.client('s3')
        client_action = 'get_object' if args.action == 'get' else 'put_object'
        # The access point ARN is passed as the bucket; the URL is valid for 1000 seconds.
        url = generate_presigned_url(
            s3_client, client_action, {'Bucket': args.accessPointArn, 'Key': args.key}, 1000)

        print("Using the Requests package to send a request to the URL.")
        response = None
        if args.action == 'get':
            response = requests.get(url)
        elif args.action == 'put':
            print("Putting data to the URL.")
            try:
                with open(args.key, 'r') as object_file:
                    object_text = object_file.read()
                response = requests.put(url, data=object_text)
            except FileNotFoundError:
                print(f"Couldn't find {args.key}. For a PUT operation, the key must be the "
                      f"name of a file that exists on your computer.")

        if response is not None:
            print("Got response:")
            print(f"Status: {response.status_code}")
            print(response.text)

        print('-'*88)


    if __name__ == '__main__':
        usage_demo()