You have an example of what you are asking about, using the PHP SDK, at this link: https://docs.aws.amazon.com/aws-sdk-php/v3/guide/service/cloudfront-signed-url.html
Here is the equivalent code using a custom policy in Laravel (5.3):
public static function signedUrl($resourceKey) {
    //$resourceKey = 'videos/example.mp4'
    $baseUrl = 'https://xxxxjjjj.cloudfront.net';
    $fullUrl = $baseUrl . '/' . $resourceKey;
    $expires = time() + 300;
    $customSigningPolicy = <<<POLICY
{
    "Statement": [
        {
            "Resource": "{$fullUrl}",
            "Condition": {
                "DateLessThan": {"AWS:EpochTime": {$expires}}
            }
        }
    ]
}
POLICY;
    // CloudFront Signed Urls
    /** @var CloudFrontClient $cloudFront */
    $cloudFront = \AWS::createClient('CloudFront');
    $url = $cloudFront->getSignedUrl([
        'url' => $fullUrl,
        'policy' => $customSigningPolicy,
        'key_pair_id' => 'YOUR_KEY_PAIR_ID',
        'private_key' => '/path/to/your/cloudfront-private-key.pem'
    ]);
    return $url;
}
P.S.: I found an error in the AWS example, because they use $resourceKey as the Resource value in the policy; what worked for me was using the full URL of the file.
Their code:
$resourceKey = 'videos/example.mp4';
$customPolicy = <<<POLICY
{
    "Statement": [
        {
            "Resource": "{$resourceKey}",
            "Condition": {
                "IpAddress": {"AWS:SourceIp": "{$_SERVER['REMOTE_ADDR']}/32"},
                "DateLessThan": {"AWS:EpochTime": {$expires}}
            }
        }
    ]
}
POLICY;
What works:
$resourceKey = 'videos/example.mp4'; // or $resourceKey = 'videos/*'; or $resourceKey = '*';
$fullUrl = $baseUrl . '/' . $resourceKey;
$customPolicy = <<<POLICY
{
    "Statement": [
        {
            "Resource": "{$fullUrl}",
            "Condition": {
                "IpAddress": {"AWS:SourceIp": "{$_SERVER['REMOTE_ADDR']}/32"},
                "DateLessThan": {"AWS:EpochTime": {$expires}}
            }
        }
    ]
}
POLICY;
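I have generated the signed URL using the PHP SDK, but when I replace the base part, i.e. 'S3- .amazonaws.com' with 'hhsdjf.cloudfront.net', it gives an access denied error – Jabaa
Changing the host component of the URL is not how this works. CloudFront signed URLs are *completely* different, are generated by different code, and include '&Key-Pair-Id=...' in the query string - they don't use 'X-Amz-Credential' and don't use 'AWSAccessKeyId'. –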
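As an added illustration of the answer and the last comment above (not the poster's code and not the AWS SDK's own): the code below builds the custom policy with a full-URL Resource, refuses a bare object key, and produces the Policy, Signature and Key-Pair-Id query parameters that make a CloudFront signed URL different from an S3 presigned one. The function names, the throwaway RSA key and the client address 203.0.113.7 are assumptions constructed for the example; YOUR_KEY_PAIR_ID is the page's placeholder.

```php
<?php
// Added example: constructed throwaway key; YOUR_KEY_PAIR_ID is a placeholder.

// CloudFront's URL-safe base64: '+' => '-', '=' => '_', '/' => '~'.
function cfUrlSafe(string $bytes): string
{
    return strtr(base64_encode($bytes), '+=/', '-_~');
}

// Build the policy with json_encode so values are escaped, and refuse a
// bare object key as Resource (the answer above found only the full URL works).
function buildPolicy(string $resource, int $expires, ?string $cidr = null): string
{
    if (!preg_match('#^http(s|\*)?://#', $resource)) {
        throw new InvalidArgumentException("Resource must be a full URL: {$resource}");
    }
    $condition = ['DateLessThan' => ['AWS:EpochTime' => $expires]];
    if ($cidr !== null) {
        $condition['IpAddress'] = ['AWS:SourceIp' => $cidr];
    }
    $statement = ['Resource' => $resource, 'Condition' => $condition];
    return json_encode(['Statement' => [$statement]], JSON_UNESCAPED_SLASHES);
}

// RSA-SHA1 signature over the exact policy bytes, appended as query parameters.
function signWithPolicy(string $url, string $policy, string $keyPairId, $privateKey): string
{
    if (!openssl_sign($policy, $signature, $privateKey, OPENSSL_ALGO_SHA1)) {
        throw new RuntimeException('openssl_sign failed');
    }
    $sep = strpos($url, '?') === false ? '?' : '&';
    return $url . $sep . 'Policy=' . cfUrlSafe($policy)
        . '&Signature=' . cfUrlSafe($signature) . '&Key-Pair-Id=' . $keyPairId;
}

// Throwaway key generated in memory for the demo; production uses the CloudFront key pair.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$url = 'https://xxxxjjjj.cloudfront.net/videos/example.mp4';
$policy = buildPolicy($url, time() + 300, '203.0.113.7/32'); // constructed client address
echo signWithPolicy($url, $policy, 'YOUR_KEY_PAIR_ID', $key), PHP_EOL;

try {
    buildPolicy('videos/example.mp4', time() + 300); // bare key, as in the quoted sample
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Keeping the five-minute expiry and the /32 source address from the answer limits how far a leaked URL can be reused.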