Question:
RT.
This is my s3’s filesystem configure:
|
1 2 3 4 5 6 7 8 |
's3' => [ 'driver' => 's3', 'key' => env('AWS_ACCESS_KEY_ID'), 'secret' => env('AWS_SECRET_ACCESS_KEY'), 'region' => env('AWS_REGION'), 'bucket' => env('AWS_BUCKET'), ], |
And this is my composer.json:
|
1 2 3 4 5 6 7 8 9 |
"require": { "laravel/framework": "5.1.*", "barryvdh/laravel-ide-helper": "~2.0", "predis/predis": "~1.0", "guzzlehttp/guzzle": "~5.0", "league/flysystem-aws-s3-v3": "~1.0", "raven/raven": "0.12.*" }, |
And this is my s3’s bucket policy:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
{ "Version": "2012-10-17", "Statement": [ { "Sid": "DenyUnEncryptedObjectUploads", "Effect": "Deny", "Principal": { "AWS": "*" }, "Action": "s3:PutObject", "Resource": "arn:aws:s3:::*****bucket_name*****/*", "Condition": { "StringNotEquals": { "s3:x-amz-server-side-encryption": "AES256" } } } ] } |
Yes, I used "s3:x-amz-server-side-encryption": "AES256" as my PutObject’s condition, but I wanna use like this code:
|
1 2 |
Storage::disk('s3')->put('test.log','123'); |
But when I run it, I will got response like this:
|
1 2 3 4 5 6 |
[Aws\S3\Exception\S3Exception] Error executing "HeadObject" on "https://s3-ap-northeast-1.amazonaws.com/****bucket_name****/test.log"; AWS HTTP error: Client error response [url]https://s3-ap-northeast-1.amazonaws.com/****bucket_name****/test.log [status code] 403 [reason phrase] Forbidden (client): 403 Forbidden (Request-ID: 39C30C8512E5ED16) - [GuzzleHttp\Exception\ClientException] Client error response [url] https://s3-ap-northeast-1.amazonaws.com/****bucket_name****/test.log [status code] 403 [reason phrase] Forbidden |
So, how can I do this?
Thanks!
Answer:
(Laravel 5.3) If your bucket policy requires server side encryption for all objects, rather than access the S3 driver and pass arguments to that, I was able to universally enable S3 SSE by setting it as an option in the configuration:
config/filesystems.php
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
... 's3' => [ 'driver' => 's3', 'key' => env('AWS_ACCESS_KEY_ID'), 'secret' => env('AWS_SECRET_ACCESS_KEY'), 'region' => env('AWS_REGION'), 'bucket' => env('AWS_S3_BUCKET'), 'options' => [ 'ServerSideEncryption' => 'AES256', ] ], ... |
With the ServerSideEncryption option set in the configuration, I am able to make method calls on the “disk” directly.
|
1 2 3 |
$s3 = Storage::disk('s3'); $s3->putFileAs($prefix, new File($path), $filename); |