script to download file from Amazon S3 bucket

后端 未结 5 1417
清歌不尽
清歌不尽 2021-02-08 00:06

Trying to write script to download file from Amazon S3 bucket.

Having trouble with the example on the cURL site. The script below produces:

The re

相关标签:
5条回答
  • 2021-02-08 00:26

    Avoid signing the request yourself, a lot can go wrong or be hard to do. For example, you should check that the date is set to GMT or use x-amz-date headers.

    Another approach is to use the AWS Command Line Interface and so use $ aws s3 cp or $ aws s3 sync.

    0 讨论(0)
  • 2021-02-08 00:26

    As of August 2019 I found this to work. Has added region, and format of URL has changed.

    #!/bin/sh 
    outputFile="/PATH/TO/LOCALLY/SAVED/FILE"
    amzFile="BUCKETPATH/TO/FILE"
    region="YOUR-REGION"
    bucket="SOME-BUCKET"
    resource="/${bucket}/${amzFile}"
    contentType="binary/octet-stream"
    dateValue=`TZ=GMT date -R`
    # You can leave our "TZ=GMT" if your system is already GMT (but don't have to)
    stringToSign="GET\n\n${contentType}\n${dateValue}\n${resource}"
    s3Key="ACCESS_KEY_ID"
    s3Secret="SECRET_ACCESS_KEY"
    signature=`echo -en ${stringToSign} | openssl sha1 -hmac ${s3Secret} -binary | base64`
    curl -H "Host: s3-${region}.amazonaws.com" \
         -H "Date: ${dateValue}" \
         -H "Content-Type: ${contentType}" \
         -H "Authorization: AWS ${s3Key}:${signature}" \
         https://s3-${region}.amazonaws.com/${bucket}/${amzFile} -o $outputFile
    
    0 讨论(0)
  • 2021-02-08 00:27

    I write this bash script to download file from s3 (I download compressed file, you can change contentType to download other types of file)

    #!/bin/sh 
    outputFile="Your_PATH"
    amzFile="AMAZON_FILE_PATH"
    bucket="YOUR_BUCKET"
    resource="/${bucket}/${amzFile}"
    contentType="application/x-compressed-tar"
    dateValue=`date -R`
    stringToSign="GET\n\n${contentType}\n${dateValue}\n${resource}"
    s3Key="YOUR_S3_KEY"
    s3Secret="YOUR_S3SECRET"
    signature=`echo -en ${stringToSign} | openssl sha1 -hmac ${s3Secret} -binary | base64`
    
    curl  -H "Host: ${bucket}.s3.amazonaws.com" \
         -H "Date: ${dateValue}" \
         -H "Content-Type: ${contentType}" \
         -H "Authorization: AWS ${s3Key}:${signature}" \
         https://${bucket}.s3.amazonaws.com/${amzFile} -o $outputFile
    
    0 讨论(0)
  • 2021-02-08 00:28

    I created a complete AWS signature creator. You can find the original file here (please note: it has multiple gist comments so it definitely works!).

    readonly AWS_ACCESS_KEY_ID='<your_access_key_id>'
    readonly AWS_SECRET_ACCESS_KEY='<your_secret_access_key>'
    readonly AWS_SERVICE='s3'
    readonly AWS_REGION='us-east-1'
    readonly AWS_S3_BUCKET_NAME='<your_bucket_name>'
    readonly AWS_SERVICE_ENDPOINT_URL="\
    ${AWS_S3_BUCKET_NAME}.${AWS_SERVICE}.amazonaws.com"
    
    # Create an SHA-256 hash in hexadecimal.
    # Usage:
    #   hash_sha256 <string>
    function hash_sha256 {
      printf "${1}" | openssl dgst -sha256 | sed 's/^.* //'
    }
    
    # Create an SHA-256 hmac in hexadecimal format.
    # Usage:
    #   hmac_sha256 <key> <data>
    function hmac_sha256 {
      key="$1"
      data="$2"
      printf "${data}" | openssl dgst -sha256 -mac HMAC -macopt "${key}" | \
          sed 's/^.* //'
    }
    
    readonly CURRENT_DATE_DAY="$(date -u '+%Y%m%d')"
    readonly CURRENT_DATE_TIME="$(date -u '+%H%M%S')"
    readonly CURRENT_DATE_ISO8601="${CURRENT_DATE_DAY}T${CURRENT_DATE_TIME}Z"
    
    readonly HTTP_REQUEST_METHOD='GET'
    readonly HTTP_REQUEST_PAYLOAD=''
    readonly HTTP_REQUEST_PAYLOAD_HASH="$(printf "${HTTP_REQUEST_PAYLOAD}" | \
        openssl dgst -sha256 | sed 's/^.* //')"
    readonly HTTP_CANONICAL_REQUEST_URI='/video_clips/0940.m3u8'
    readonly HTTP_CANONICAL_REQUEST_QUERY_STRING=''
    readonly HTTP_REQUEST_CONTENT_TYPE='application/x-www-form-urlencoded'
    
    readonly HTTP_CANONICAL_REQUEST_HEADERS="\
    content-type:${HTTP_REQUEST_CONTENT_TYPE}
    host:${AWS_SERVICE_ENDPOINT_URL}
    x-amz-content-sha256:${HTTP_REQUEST_PAYLOAD_HASH}
    x-amz-date:${CURRENT_DATE_ISO8601}"
    # Note: The signed headers must match the canonical request headers.
    readonly HTTP_REQUEST_SIGNED_HEADERS="\
    content-type;host;x-amz-content-sha256;x-amz-date"
    
    readonly HTTP_CANONICAL_REQUEST="\
    ${HTTP_REQUEST_METHOD}
    ${HTTP_CANONICAL_REQUEST_URI}
    ${HTTP_CANONICAL_REQUEST_QUERY_STRING}
    ${HTTP_CANONICAL_REQUEST_HEADERS}\n
    ${HTTP_REQUEST_SIGNED_HEADERS}
    ${HTTP_REQUEST_PAYLOAD_HASH}"
    
    # Create the signature.
    # Usage:
    #   create_signature
    function create_signature {
      stringToSign="AWS4-HMAC-SHA256
    ${CURRENT_DATE_ISO8601}
    ${CURRENT_DATE_DAY}/${AWS_REGION}/${AWS_SERVICE}/aws4_request
    $(hash_sha256 "${HTTP_CANONICAL_REQUEST}")"
    
      dateKey=$(hmac_sha256 key:"AWS4${AWS_SECRET_ACCESS_KEY}" \
          "${CURRENT_DATE_DAY}")
      regionKey=$(hmac_sha256 hexkey:"${dateKey}" "${AWS_REGION}")
      serviceKey=$(hmac_sha256 hexkey:"${regionKey}" "${AWS_SERVICE}")
      signingKey=$(hmac_sha256 hexkey:"${serviceKey}" "aws4_request")
    
      printf "${stringToSign}" | openssl dgst -sha256 -mac HMAC -macopt \
          hexkey:"${signingKey}" | awk '{print $2}'
    }
    
    readonly SIGNATURE="$(create_signature)"
    
    readonly HTTP_REQUEST_AUTHORIZATION_HEADER="\
    AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${CURRENT_DATE_DAY}/\
    ${AWS_REGION}/${AWS_SERVICE}/aws4_request, \
    SignedHeaders=${HTTP_REQUEST_SIGNED_HEADERS};x-amz-date, Signature=${SIGNATURE}"
    
    curl -X "${HTTP_REQUEST_METHOD}" -v \
        "https://${AWS_SERVICE_ENDPOINT_URL}${HTTP_CANONICAL_REQUEST_URI}" \
        -H "Authorization: ${HTTP_REQUEST_AUTHORIZATION_HEADER}" \
        -H "content-type: ${HTTP_REQUEST_CONTENT_TYPE}" \
        -H "x-amz-content-sha256: ${HTTP_REQUEST_PAYLOAD_HASH}" \
        -H "x-amz-date: ${CURRENT_DATE_ISO8601}"
    

    Please note though, it's much better to use the AWS APIs if you don't have a reason to create a signature.

    0 讨论(0)
  • 2021-02-08 00:34
    #!/bin/sh
    # This works for cross region
    outputFile="/PATH/TO/FILE"
    awsFile="BUCKETPATH/TO/FILE"
    bucket="SOME-BUCKET"
    resource="/${bucket}/${awsFile}"
    contentType="application/x-compressed-tar"
    # Change the content type as desired
    dateValue=`TZ=GMT date -R`
    #Use dateValue=`date -R` if your TZ is already GMT
    stringToSign="GET\n\n${contentType}\n${dateValue}\n${resource}"
    s3Key="ACCESS_KEY_ID"
    s3Secret="SECRET_ACCESS_KEY"
    signature=`echo -n ${stringToSign} | openssl sha1 -hmac ${s3Secret} -binary | base64`
    curl -H "Host: ${bucket}.s3.amazonaws.com" \
         -H "Date: ${dateValue}" \
         -H "Content-Type: ${contentType}" \
         -H "Authorization: AWS ${s3Key}:${signature}" \
         https://${bucket}.s3.amazonaws.com/${awsFile} -o $outputFile
    
    0 讨论(0)
提交回复
热议问题