升級到3.0 PHP sdk,這可能是一個錯誤,因爲它打破了一切。AWS PHP SDK 3.0提供區域時Sts客戶端拋出非範圍區域的錯誤
我試圖創建一個STS客戶端,但它不斷收到錯誤
Error executing "GetFederationToken" on "https://sts.amazonaws.com"; AWS HTTP error: Client error: 403 SignatureDoesNotMatch (client): Credential should be scoped to a valid region, not 'us-west-1'. - <ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Credential should be scoped to a valid region, not 'us-west-1'. </Message>
</Error>
<RequestId>604fe518-2381-11e5-8b68-471c4b83f798</RequestId>
</ErrorResponse>
PHP代碼
$config = \Config::get('shared_config');
$sdk = new \Aws\Sdk($config);
$sts = $sdk->createSts();
$result = $sts->getFederationToken(array(
'Name' => 'appuser',
'DurationSeconds' => 3600,
'Policy' => json_encode(array(
'Statement' => array(
array(
'Sid' => 'randomstatementid' . time(),
'Action' => array('s3:PutObject'),
'Effect' => 'Allow',
'Resource' => 'arn:aws:s3:::' . \Config::get('aws_bucket'),
)
)
))
));
其中$ config是
array(
'region' => 'us-west-1',
'version' => 'latest',
'debug'=>true,
'credentials'=>array(
'key' => 'XXX',
'secret' => 'XXX',
)
所以數組該地區明顯設置,美國西部1有效區域 https://docs.aws.amazon.com/general/latest/gr/rande.html
的文檔是非常糟糕,但https://docs.aws.amazon.com/aws-sdk-php/v3/guide/getting-started/basic-usage.html#using-the-sdk-class是林排序如下
和創建客戶端 https://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.Sdk.html 參見方法createSts
我也可以successfuly使用S3客戶端使用相同的憑據只是罰款和做命令。
$config = \Config::get('shared_config');
$sdk = new \Aws\Sdk($config);
$s3 = $sdk->createS3();