How can I use Storage :: disk ('s3') & # 8594; put () when my s3 x-amz-server-side-encryption is AES256 in Laravel 5.1?
RT.
This is my s3 filesystem config:
's3' => [
'driver' => 's3',
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_REGION'),
'bucket' => env('AWS_BUCKET'),
],
And this is my composer .json:
"require": {
"laravel/framework": "5.1.*",
"barryvdh/laravel-ide-helper": "~2.0",
"predis/predis": "~1.0",
"guzzlehttp/guzzle": "~5.0",
"league/flysystem-aws-s3-v3": "~1.0",
"raven/raven": "0.12.*"
},
And this is my s3 bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyUnEncryptedObjectUploads",
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::*****bucket_name*****/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
}
]
}
Yes, I used "s3:x-amz-server-side-encryption": "AES256"
PutObject as my condition, but I want to use this code:
Storage::disk('s3')->put('test.log','123');
But when I run it I get a response like this:
[Aws\S3\Exception\S3Exception]
Error executing "HeadObject" on "https://s3-ap-northeast-1.amazonaws.com/****bucket_name****/test.log"; AWS HTTP error: Client error response [url]https://s3-ap-northeast-1.amazonaws.com/****bucket_name****/test.log [status code] 403 [reason phrase] Forbidden (client): 403 Forbidden (Request-ID: 39C30C8512E5ED16) -
[GuzzleHttp\Exception\ClientException]
Client error response [url] https://s3-ap-northeast-1.amazonaws.com/****bucket_name****/test.log [status code] 403 [reason phrase] Forbidden
So how can I do this? Thank!
+3
source to share
2 answers
(Laravel 5.3) If your bucket policy requires server side encryption for all objects, rather than accessing the S3 driver and passing arguments, I was able to universally enable S3 SSE by setting it as an option in the config:
config / filesystems.php
...
's3' => [
'driver' => 's3',
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_REGION'),
'bucket' => env('AWS_S3_BUCKET'),
'options' => [
'ServerSideEncryption' => 'AES256',
]
],
...
With the ServerSideEncryption set in the configuration, I can directly invoke method calls on "disk".
$s3 = Storage::disk('s3');
$s3->putFileAs($prefix, new File($path), $filename);
+4
source to share