适用于iOS的AWS开发工具包：无法列出S3存储桶中的文件

我按照第一步骤 here来配置凭据和S3存储桶.然后,在我的代码中,我有：

func setupCredentialsProvider() {
    let credentialsProvider = AWSCognitoCredentialsProvider(regionType:.USEast1,identityPoolId:identityPoolIdStr)
    let configuration = AWSServiceConfiguration(region:.USEast1,credentialsProvider:credentialsProvider)
    AWSServiceManager.defaultServiceManager().defaultServiceConfiguration = configuration

    AWSServiceConfiguration(region: AWSRegionType.USEast1,credentialsProvider: credentialsProvider)
}

func listObjects() {
    let s3 = AWSS3.defaultS3()

    let listObjectsRequest = AWSS3ListObjectsRequest()
    listObjectsRequest.bucket = S3BucketName
    s3.listObjects(listObjectsRequest).continueWithBlock { (task) -> AnyObject! in
        if let error = task.error {
            print("listObjects Failed: [\(error)]")
        }
        if let exception = task.exception {
            print("listObjects Failed: [\(exception)]")
        }
}

当我运行应用程序并调用listObjects()时,我收到此错误：

listObjects Failed: [Error Domain=com.amazonaws.AWSServiceErrorDomain Code=11 “(null)” UserInfo={HostId=,Message=Access Denied,Code=AccessDenied,RequestId=}]

我错过了什么？

解决方法

如果它与我遇到的问题类似,那么经过身份验证的Cognito用户无权访问特定的S3存储桶.阅读 Understanding Amazon Cognito Authentication Part 3: Roles and Policies给了我所需的线索,具体来说：

When you create your identity pool via the Cognito console,it will create two roles for you,one for authenticated users and one for unauthenticated users,but you can visit the IAM Console and create more roles than just these. You can also modify the existing roles to add support for additional services such as Amazon S3 or Amazon DynamoDB,depending on your use case.

所以我决定为经过身份验证的用户修改创建的角色,以允许访问我的S3存储桶：

>切换到您的IAM控制台并找到一个名为的角色：
xxxx_auth_yyy – auth子串是其中的重要部分
将角色标识为经过身份验证的用户的角色.
>使用此角色通过以下方式为经过身份验证的用户分配权限
>创建策略(策略 – >创建策略)以提供特定存储桶所需的访问权限.
>将此政策“附加”到经过身份验证的角色(角色 – > xxxx_auth_yyy – >附加政策).
>您的代码现在应该能够列出特定S3存储桶中的文件.

示例策略(步骤3)：

{
    "Version": "2012-10-17","Statement": [
        {
            "Effect": "Allow","Action": [
                "s3:ListBucket","s3:GetObject","s3:PutObject"
            ],"Resource": [
                "arn:aws:s3:::BUCKET_NAME*"
            ]
        }
    ]
}

适用于iOS的AWS开发工具包：无法列出S3存储桶中的文件

解决方法

猜你在找的iOS相关文章