AWS S3 access denied when getting image by url
PHP sdk v2
- the Credentials package is
Aws\Common\Credentials
- to create an
S3Client
you need a factory
Try something like this
use Aws\S3\S3Client;use Aws\Common\Credentials\Credentials;$credentials = new Credentials('YOUR_ACCESS_KEY', 'YOUR_SECRET_KEY');// Instantiate the S3 client with your AWS credentials$s3Client = S3Client::factory(array( 'signature' => 'v4', 'region' => 'ap-southeast-1', 'credentials' => $credentials, ..... ]);)
If that does not work you might try to declare explicitly a SignatureV4
object
use Aws\S3\S3Client;use Aws\Common\Credentials\Credentials;use Aws\Common\Signature\SignatureV4;$credentials = new Credentials('YOUR_ACCESS_KEY', 'YOUR_SECRET_KEY');// Instantiate the S3 client with your AWS credentials$s3Client = S3Client::factory(array( 'signature' => new SignatureV4(), 'region' => 'ap-southeast-1', 'credentials' => $credentials, ..... ]);)
In case you upgrade to sdk v3
- You need to have
signature_version
(instead ofsignature
) as parameter when you declare your s3 client Statement
does not appear to be a valid parameter (http://docs.aws.amazon.com/aws-sdk-php/v3/guide/guide/configuration.html#signature-version)- if issue you can turn on
debug
param to get more output
This would look like this
$s3 = new Aws\S3\S3Client([ 'signature_version' => 'v4', 'version' => 'latest', 'region' => 'ap-southeast-1', 'credentials' => $credentials, 'http' => [ 'verify' => '/home/ubuntu/cacert.pem' ], 'debug' => true ]);
see here for the full list of available parameter
I have also face this issue with aws:kms
encyrption key, I suggest that if you wanted to use kms
key then you have to create your kms key
in IAM section of AWS Console
. I love to recommended AES256
server side encryption, here S3 automatically Encrypted your data while putting and decryption while getting object. Please go through below link:S3 Server Side encryption with AES256
My Solution is change this line 'ServerSideEncryption' => 'aws:kms' with 'ServerSideEncryption' => 'AES256'
try { $result = $this->Amazon->S3->putObject(array( 'Bucket' => 'mytest.sample', 'ACL' => 'authenticated-read', 'Key' => $newfilename, 'ServerSideEncryption' => 'AES256', 'SourceFile' => $filepath, 'ContentType' => mime_content_type($filepath), 'debug' => [ 'logfn' => function ($msg) { echo $msg . "\n"; }, 'stream_size' => 0, 'scrub_auth' => true, 'http' => true, ], ));} catch (S3Exception $e) { echo $e->getMessage() . "\n";}
Please also update your bucket policy with below json, it will prevent you to upload object with out AES256
encryption
{ "Sid": "DenyUnEncryptedObjectUploads", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::yourbucketname/*", "Condition": { "StringNotEquals": { "s3:x-amz-server-side-encryption": "AES256" } } }