using role instead of keys to get signed url in s3

2020-04-12 09:41发布

问题:

I tried if I use access key, it works fine but I am trying to get ride of access key and using role instead, but once I get ride of access key. what I get in return is www.aws.amazon.com

    const AWS = require('aws-sdk');
    const s3 = new AWS.S3();
    const params = {Bucket: config.bucket, Expires: config.time, Key};
    const url = s3.getSignedUrl('getObject', params);
    console.log('The URL is', url);

I even made sure my role is set right by going into my ec2 and run the cli command aws s3 presign s3://bucket/path/file which works fine I get the signed url in return though so this means my role is correct isn't it?

Thanks in advance for any advice / help.

回答1:

You can't use getSignedUrl() synchronously when using IAM roles.

Note: You must ensure that you have static or previously resolved credentials if you call this method synchronously (with no callback), otherwise it may not properly sign the request. If you cannot guarantee this (you are using an asynchronous credential provider, i.e., EC2 IAM roles), you should always call this method with an asynchronous callback.

https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#getSignedUrl-property

s3.getSignedUrl('getObject', params, function (err, url) {
  console.log('The URL is', url);
});