Question:
I have established an AWS acct. and am trying to do my first programmatic PUT into S3. I have used the console to create a bucket and put things there. I have also created a subdirectory (myFolder) and made it public. I created my .aws/credentials file and have tried using the sample codes but I get the following error:
Error executing "PutObject" on "https://s3.amazonaws.com/gps-photo.org/mykey.txt"; AWS HTTP error: Client error: `PUT https://s3.amazonaws.com/gps-photo.org/mykey.txt` resulted in a `403 Forbidden` response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FC49CD (truncated...) AccessDenied (client): Access Denied - <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message <RequestId>FC49CD15567FB9CD</RequestId><HostId>1GTYxjzzzhcL+YyYsuYRx4UgV9wzTCQJX6N4jMWwA39PFaDkK2B9R+FZf8GVM6VvMXfLyI/4abo=</HostId></Error>
My code is
```php
<?php
// Include the AWS SDK using the Composer autoloader.
require '/home/berman/vendor/autoload.php';

use Aws\S3\S3Client;
use Aws\S3\Exception\S3Exception;

$bucket = 'gps-photo.org';
$keyname = 'my-object-key';

// Instantiate the client.
$s3 = S3Client::factory(array(
    'profile' => 'default',
    'region'  => 'us-east-1',
    'version' => '2006-03-01'
));

try {
    // Upload data.
    $result = $s3->putObject(array(
        'Bucket' => $bucket,
        'Key'    => "myFolder/$keyname",
        'Body'   => 'Hello, world!',
        'ACL'    => 'public-read'
    ));

    // Print the URL to the object.
    echo $result['ObjectURL'] . "\n";
} catch (S3Exception $e) {
    echo $e->getMessage() . "\n";
}
```
If anyone can help me out, that would be great. Thanks. --Len
Answer 1:
It looks like the same issue I ran into. Add an AmazonS3FullAccess policy to your AWS account.
- Log into AWS.
- Under Services select IAM.
- Select Users > [Your User]
- Open Permissions Tab
- Attach the AmazonS3FullAccess policy to the account
Answer 2:
The 403 suggests that your key is incorrect, or the path to key is not correct. Have you verified that the package is loading the correct key in /myFolder/$keyname?
Might be helpful to try something simpler (instead of worrying about upload filetypes, paths, permissions, etc.) to debug.
```php
$result = $client->listBuckets();

foreach ($result['Buckets'] as $bucket) {
    // Each Bucket value will contain a Name and CreationDate
    echo "{$bucket['Name']} - {$bucket['CreationDate']}\n";
}
```
Taken from http://docs.aws.amazon.com/aws-sdk-php/v2/guide/service-s3.html Also check out the service builder there.
Answer 3:
The problem was a lack of permissions on the bucket itself. Once I added those, everything worked fine.
Answer 4:
Braden's approach will work, but it is dangerous. The user will have full access to all your S3 buckets and the ability to log into the console. If the credentials used in the site are compromised, well...
A safer approach is:
- AWS Console -> IAM -> Policies -> Create policy
- Service = S3
- Actions = (only the minimum required, e.g. List and Read)
- Resources -> Specific -> bucket -> Add ARN (put the ARN of only the buckets needed)
- Resources -> Specific -> object -> check Any or put the ARNs of specific objects
- Review and Save to create policy
- AWS Console -> IAM -> Users -> Add user
- Access type -> check "Programmatic access" only
- Next:Permissions -> Attach existing policies directly
- Search and select your newly created policy
- Review and save to create user
In this way you will have a user with only the needed access.
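As an added example (not part of any answer above), this is what a policy built with the steps in Answer 4 could look like for the upload in the question. It assumes the bucket `gps-photo.org` and the `myFolder/` prefix from the question's code, and it includes `s3:PutObjectAcl` because that code sets `'ACL' => 'public-read'`, which `s3:PutObject` alone does not authorize. The `Sid` values are illustrative names.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListOnlyTheUploadPrefix",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::gps-photo.org",
      "Condition": {
        "StringLike": {
          "s3:prefix": ["myFolder/*"]
        }
      }
    },
    {
      "Sid": "ReadWriteObjectsUnderPrefix",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::gps-photo.org/myFolder/*"
    }
  ]
}
```

A user holding only this policy can upload to `myFolder/` but cannot touch other buckets or prefixes. The `listBuckets()` check from Answer 2 would be denied under it, since that call needs `s3:ListAllMyBuckets`.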