Recently developed deployment apps on AWS.
Read this article about AWS China pits and add two of my own pits, combined with my experience using AWS.
Http://www.jianshu.com/p/0d0fd39a40c9?utm_source=tuicool&utm_medium=referral
1. V4 Signature Authentication
Examples given in the official documentation:
import boto3
s3 = boto3.resource(‘s3‘)
s3.meta.client.upload_file(‘/tmp/hello.txt‘, ‘mybucket‘, ‘hello.txt‘)
The following error occurs after you run:
An error occurred (Invalidrequest) when calling the Getbucketlifecycle operation:missing required headers for this request : x-amz-content-sha256
The following explanations are found in the documentation. As a general rule, AWS S3 will use the fourth edition of signature authentication later. In particular, new servers in the Asia Pacific region.
========================
Protect against reuse of the signed portions of the Request–the signed portions (using AWS
Signatures) of requests is valid within minutes of the timestamp in the request. An unauthorized
Party who have access to a signed request can modify the unsigned portions of the request without
Affecting the request ' s validity in the minute window. Because of this, we recommend
Maximize protection by signing request headers and body, making HTTPS requests to Amazon S3,
And by using the S3:X-AMZ-CONTENT-SHA256 condition key (see Amazon S3 Signature Version 4
Authentication specific Policy Keys (p.)) in AWS policies to require users to sign S3 request bodies.
Note
Amazon S3 supports Signature Version 4, a protocol for authenticating inbound API requests
To AWS Services, with all AWS regions. At this time, AWS regions created before January 30, 2014
Would continue to support the previous protocol, Signature Version 2. Any new regions after January
4, would support-only Signature and therefore-requests to those regions must
be made with Signature Version 4. For more information on AWS Signature Version 2, see
Signing and authenticating REST requests in the Amazon simple Storage Service Developer
Guide.
======================
But the pit daddy is, he didn't tell how to add this header.
Fortunately Boto3 is the Python API, go directly to the source to find the answer.
import boto3 from botocore.client import Config
s3 = boto3.resource(‘s3‘, config=Config(signature_version=‘s3v4‘))
s3.meta.client.upload_file(‘/tmp/hello.txt‘, ‘mybucket‘, ‘hello.txt‘)
2. Region naming
All you should know about using AWS is that you need to select the region of your server.
However, in the documentation provided by Boto, there is no comparison between regions and region.
For example: you choose Asia Pacific ( Seoul)--Asia Pacific (Seoul), but if you set the region to ' Seoul ', there will be an ' access abort ' error.
If you want to set region, refer to the following table
AWS Regional Settings Comparison table
Us-east-1 |
US East (N. Virginia) |
US East (N. Virginia) |
Us-west-1 |
US West (Northern California) |
US West (N. California) |
Us-west-2 |
US West (Oregon) |
US West (Oregon) |
Ap-northeast-1 |
Asia Pacific (Tokyo) |
Asia Pacific (Tokyo) |
Ap-southeast-1 |
Asia Pacific (Singapore) |
Asia Pacific (Singapore) |
Ap-southeast-2 |
Asia Pacific (Sydney) |
Asia Pacific (Sydney) |
Ap-northeast-2 |
Asia Pacific (Seoul) |
Asia Pacific (Seoul) |
Eu-west-1 |
Europe (Ireland) |
EU (Ireland) |
Eu-central-1 |
Europe (Frankfurt) |
EU (Frankfurt) |
Sa-east-1 |
South America (Sao Paulo) |
South America (Sao Paulo) |
Cn-north-1 |
China (Beijing) |
Cn-north-1 |
Python uses Boto3 to manipulate pits in AWS S3