Amazon AWS Cognito和Python Boto3建立AWS连接并将文件上传到Bucket

I'm trying to use the AWS cognito service to authenticate and upload a file. I have been provided my regionType, identityPool, AWS account ID, and UnAuthRole. I also know the production and development bucket names.

我正在尝试使用AWS cognito服务来验证和上传文件。我已经提供了我的regionType，identityPool，AWS账户ID和UnAuthRole。我也知道生产和开发桶名称。

I think I am setting the AWS Access Key and AWS Secret Key... I want to authenticate with cognito and use the results to allow me to do an bucket listing and later a file upload.

我想我正在设置AWS Access Key和AWS Secret Key ...我想通过cognito进行身份验证并使用结果来允许我进行存储桶列表以及稍后的文件上传。

What am I doing wrong? How can I use the cognito id to establish an S3 connection?

我究竟做错了什么？如何使用cognito id建立S3连接？

Here is my code and the resulting error:

这是我的代码和产生的错误：

#!/usr/bin/python

import boto3
import boto
#boto.set_stream_logger('foo')
import json
client = boto3.client('cognito-identity','us-east-1')
resp =  client.get_id(AccountId='<ACCNTID>',IdentityPoolId='<IDPOOLID>')
print "\nIdentity ID: %s"%(resp['IdentityId'])
print "\nRequest ID: %s"%(resp['ResponseMetadata']['RequestId'])
resp = client.get_open_id_token(IdentityId=resp['IdentityId'])
token = resp['Token']
print "\nToken: %s"%(token)
print "\nIdentity ID: %s"%(resp['IdentityId'])
resp = client.get_credentials_for_identity(IdentityId=resp['IdentityId'])
secretKey = resp['Credentials']['SecretKey']
accessKey = resp['Credentials']['AccessKeyId']
print "\nSecretKey: %s"%(secretKey)
print "\nAccessKey ID: %s"%(accessKey)
print resp
conn = boto.connect_s3(aws_access_key_id=accessKey,aws_secret_access_key=secretKey,debug=0)
print "\nConnection: %s"%(conn)
for bucket in conn.get_all_buckets():
    print bucket.name

Error:

错误：

   Traceback (most recent call last):
  File "./test.py", line 32, in <module>
    for bucket in conn.get_all_buckets():
  File "/usr/local/lib/python2.7/dist-packages/boto/s3/connection.py", line 440, in get_all_buckets
    response.status, response.reason, body)
boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidAccessKeyId</Code><Message>The AWS Access Key Id you provided does not exist in our records.</Message><AWSAccessKeyId>ASIAILXMPZEMJAVZN7TQ</AWSAccessKeyId><RequestId>10631ACFF95610DD</RequestId><HostId>PGWDRBmhLjjv8Ast8v6kVHOG3xR8erJRV2ob3/2RmqHXwrg8HCZV578YsNLaoL24Hknr+nh033U=</HostId></Error>

This corresponding iOS code works fine:

这个相应的iOS代码工作正常：

AWSCognitoCredentialsProvider *credentialsProvider =
[AWSCognitoCredentialsProvider credentialsWithRegionType:awsCognitoRegionType
                                               accountId:awsAccountId
                                          identityPoolId:awsCognitoIdentityPool
                                           unauthRoleArn:unauthRoleArn
                                                  authRoleArn:nil];

AWSServiceConfiguration *configuration = [AWSServiceConfiguration configurationWithRegion:awsCognitoRegionType
                                                                      credentialsProvider:credentialsProvider];

....

AWSS3TransferManagerUploadRequest *uploadRequest = [AWSS3TransferManagerUploadRequest new];
uploadRequest.bucket = [ELEEnvironment currentEnvironment].userDataS3Bucket;
uploadRequest.key = key;
uploadRequest.body = uploadFileURL;
[[self uploadTask:uploadRequest] continueWithExecutor:[BFExecutor mainThreadExecutor]...

Thanks for any help!

谢谢你的帮助！

3 个解决方案

#1

This question is really invalid because the authentication was failing not on creating a session but when trying to list the buckets.

此问题确实无效，因为身份验证在创建会话时失败但在尝试列出存储桶时失败。

Uploading and downloading from a specific bucket works fine with the above code but not the listing of all buckets.

从特定存储桶上传和下载可以正常使用上述代码，但不适用于所有存储桶的列表。

# Upload a new file
data = open('test.jpg', 'rb')
s3.Bucket('mybucket').put_object(Key='test.jpg', Body=data)

# S3 Object
obj = s3.Object(bucket_name='mybucket', key='test.jpg')
response = obj.get()
data = response['Body'].read()
print len(data)

#2

PhilBot, I don't know why your original code sample connects to s3 using boto (as opposed to boto3). The code connects to cognito using boto3. As of now, boto3 is stable and there's probably not much reason to use boto anymore. (Maybe when you originally posted your question, boto3 was not as stable as it is today.)

PhilBot，我不知道为什么你的原始代码示例使用boto连接到s3（而不是boto3）。代码使用boto3连接到cognito。截至目前，boto3是稳定的，可能没有太多理由再使用boto了。（也许当你最初发布你的问题时，boto3并不像今天那样稳定。）

When I tried using your code to connect to kinesis with boto3, it didn't work -- I had to pass response["Credentials"]["SessionToken"] as the aws_session_token to the client() function.

当我尝试使用你的代码用boto3连接到kinesis时，它不起作用 - 我必须将响应[“Credentials”] [“SessionToken”]作为aws_session_token传递给client（）函数。

#3

This is your error:

这是你的错误：

File "./test.py", line 32, in <module>
bucket = conn.get_bucket("elektradevbucket")

This is your part of the code that references the bucket:

这是您引用存储桶的代码的一部分：

bucket = conn.get_bucket("testbucket")
'''
s3 = boto3.resource('s3')
for bucket in s3.buckets.all():
    print(bucket.name)
s3.Bucket('testbucket')

Are you sure you are running or calling the correct script?

您确定要运行或调用正确的脚本吗？

Best, -Iulian

最好的， - 尤利安

#1