
生成云存储临时令牌(STS)

在「开发控制台」-> 「云函数」 -> 「依赖管理」,添加 @aws-sdk/client-sts 依赖(需重启应用生效)。

创建云函数 get-oss-sts,添加如下代码:

import cloud from "@/cloud-sdk";
import { STSClient, AssumeRoleCommand } from "@aws-sdk/client-sts";

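/**
 * Cloud function `get-oss-sts`: requests temporary credentials from the
 * storage STS endpoint and returns them together with the external endpoint
 * and region a client needs to reach cloud storage.
 *
 * NOTE(review): the handler never reads `ctx`, so every caller that can reach
 * the published function receives the credentials. Verify the caller's
 * identity from `ctx` before calling STS unless anonymous access is intended.
 *
 * @param ctx - invocation context; not read by this handler.
 * @returns `{ credentials, endpoint, region }`, where `credentials` is the
 *   `Credentials` object from the AssumeRole response.
 * @throws Error when the AssumeRole response carries no credentials.
 */
exports.main = async function (ctx: FunctionContext) {
  // The access key and secret are read from the environment and used only to
  // sign the STS request; they are not part of the return value.
  const sts = new STSClient({
    region: cloud.env.OSS_REGION,
    endpoint: cloud.env.OSS_INTERNAL_ENDPOINT,
    credentials: {
      accessKeyId: cloud.env.OSS_ACCESS_KEY,
      secretAccessKey: cloud.env.OSS_ACCESS_SECRET,
    },
  });

  // Session policy attached to the temporary credentials.
  // NOTE(review): "s3:*" on "arn:aws:s3:::*" grants every S3 action on every
  // bucket the assumed role can reach. Before production use, narrow Action
  // and Resource to what the client actually needs (for example read/write on
  // a single bucket prefix).
  const sessionPolicy = {
    Version: "2012-10-17",
    Statement: [
      {
        Sid: "Stmt1",
        Effect: "Allow",
        Action: "s3:*",
        Resource: "arn:aws:s3:::*",
      },
    ],
  };

  const cmd = new AssumeRoleCommand({
    // Lifetime of the issued credentials, in seconds (one hour).
    DurationSeconds: 3600,
    Policy: JSON.stringify(sessionPolicy),
    // Placeholder ARN from the tutorial; replace with the real role ARN.
    RoleArn: "arn:xxx:xxx:xxx:xxxx",
    RoleSessionName: cloud.appid,
  });

  const res = await sts.send(cmd);

  // Fail loudly instead of handing the client `credentials: undefined`.
  if (!res.Credentials) {
    throw new Error("STS response did not include credentials");
  }

  return {
    credentials: res.Credentials,
    endpoint: cloud.env.OSS_EXTERNAL_ENDPOINT,
    region: cloud.env.OSS_REGION,
  };
};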

保存并发布云函数后,即可调用。注意:示例中的 Policy 允许对所有存储桶执行全部 s3 操作,且函数没有校验调用者身份;正式使用前,应按前端的实际需要收窄 Action 和 Resource,并在函数内校验调用者。

前端使用 STS 令牌访问云存储

@see 前端使用 STS 令牌访问云存储

Apache License V2.0