Android 中 Amazon S3 预签名 URL 的改进

Posted 2023-03-27

技术标签:

【中文标题】Android 中 Amazon S3 预签名 URL 的改进【英文标题】：Improvements for the AmazonS3 presignedURL in Android 【发布时间】：2021-12-26 05:48:50 【问题描述】：

我正在为带有 Cognito 的 AmazonS3 presignedURL 寻找一些改进和建议。我注意到有时到期日期比设置的要早。这会导致错误“意外响应代码 400”。

MainActivity.java

// Amazon S3
private AmazonS3 amazonS3;

public AmazonS3 getAmazonS3() 
    return amazonS3;


public void setAmazonS3(AmazonS3 amazonS3) 
    this.amazonS3 = amazonS3;



@Override
protected void onCreate(Bundle savedInstanceState)         

    // AWS
    RunnableAWSS3 runnableAWSS3 = new RunnableAWSS3(activity);
    Thread thread = new Thread(runnableAWSS3);
    thread.start();
    thread.join();

    // Getting the JSON data stored in S3 bucket
    JsonObjectRequest jsonObjectRequest = new JsonObjectRequest(Request.Method.GET, runnableAWSS3.getPresignedURL(), null, response -> 
        ...
    );

RunnableAWSS3.java

public class RunnableAWSS3 implements Runnable 

private final ActivityMain activityMain;

private URL presignedURL;

public RunnableAWSS3(@NonNull Activity activity) 
    activityMain = (ActivityMain) activity;


@Override
public void run() 
    if (activityMain.getAmazonS3() == null) 
        // AWS
        // Initialize the Amazon Cognito credentials provider
        CognitoCachingCredentialsProvider cognitoCachingCredentialsProvider = new CognitoCachingCredentialsProvider(
                activityMain,
                "us-east-1:xxxxxxxxxxxxxxxxxxxxxxxxx",
                Regions.US_EAST_1
        );
        activityMain.setAmazonS3(new AmazonS3Client(cognitoCachingCredentialsProvider, Region.getRegion(Regions.US_EAST_1)));
    

    // Set the presigned URL to expire after twelve hours.
    presignedURL = activityMain.getAmazonS3().generatePresignedUrl(
            "xxxxxxxxxxxxxxxxxxxxxxxx",
            "xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            new Date(System.currentTimeMillis() + 43200000));


public String getPresignedURL() 
    return presignedURL.toString();

有时我收到错误 E/Volley: [200] NetworkUtility.shouldRetryException: Unexpected response code 400 for ... 获取预签名 URL。

我希望能提供一些改进建议。

【问题讨论】：

【参考方案1】：

预签名 URL 会根据其签名方式限制过期时间。对于像 cognito 这样的临时凭证，与使用 IAM 凭证签署时相比，它的到期时间要短得多。一旦 cognito 用户的会话过期，您的预签名网址就会过期。

https://aws.amazon.com/premiumsupport/knowledge-center/presigned-url-s3-bucket-expiration/

【讨论】：

以上是关于Android 中 Amazon S3 预签名 URL 的改进的主要内容，如果未能解决你的问题，请参考以下文章