Original URL: http://stackoverflow.com/questions/24139352/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me):
StackOverFlow
AWS S3 Java SDK - Access Denied
Asked by gkbstar
I am trying to access a bucket and all its objects using the AWS SDK, but while running the code I am getting an error: Exception in thread "main" com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: X), S3 Extended Request ID: Y=
Kindly suggest where I am lacking and why the access denied error is occurring, although I have taken all of the following permissions to the bucket:
s3:GetObject
s3:GetObjectVersion
s3:GetObjectAcl
s3:GetBucketAcl
s3:GetBucketCORS
s3:GetBucketLocation
s3:GetBucketLogging
s3:ListBucket
s3:ListBucketVersions
s3:ListBucketMultipartUploads
s3:GetObjectTorrent
s3:GetObjectVersionAcl
Code is as follows:
AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
ClientConfiguration clientConfig = new ClientConfiguration();
clientConfig.setProtocol(Protocol.HTTP);
AmazonS3 conn = new AmazonS3Client(credentials, clientConfig);
conn.setEndpoint(bucketName);
Bucket bucket = conn.createBucket(bucketName);
ObjectListing objects = conn.listObjects(bucket.getName());
do {
    for (S3ObjectSummary objectSummary : objects.getObjectSummaries()) {
        System.out.println(objectSummary.getKey() + "\t" +
            objectSummary.getSize() + "\t" +
            StringUtils.fromDate(objectSummary.getLastModified()));
    }
    objects = conn.listNextBatchOfObjects(objects);
} while (objects.isTruncated());
Accepted answer by gkbstar
The problem is now solved. There were the following issues in the code:
- The endpoint was not correct; there should be a correct endpoint.
- There was not enough permission given to the bucket. A complete list of permissions should be taken before using the bucket in the AWS SDK.
Below is the correct code:
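import com.amazonaws.ClientConfiguration;
import com.amazonaws.Protocol;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.*;
import com.amazonaws.util.StringUtils;

AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
ClientConfiguration clientConfig = new ClientConfiguration();
// Protocol.HTTP sends requests unencrypted; Protocol.HTTPS is the SDK default.
clientConfig.setProtocol(Protocol.HTTP);
AmazonS3 conn = new AmazonS3Client(credentials, clientConfig);
conn.setEndpoint("correct end point");
// createBucket issues a PUT Bucket request, which needs the s3:CreateBucket permission.
Bucket bucket = conn.createBucket(bucketName);
ObjectListing objects = conn.listObjects(bucket.getName());
// Print every page of results, including the last one.
while (true) {
    for (S3ObjectSummary objectSummary : objects.getObjectSummaries()) {
        System.out.println(objectSummary.getKey() + "\t" +
            objectSummary.getSize() + "\t" +
            StringUtils.fromDate(objectSummary.getLastModified()));
    }
    if (!objects.isTruncated()) {
        break;
    }
    objects = conn.listNextBatchOfObjects(objects);
}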
Answer by Naveen Vijay
Go to IAM and check whether the user [Access Key & Secret Key] which is being used for the API has the privileges to use the S3-based API.
Attach an S3 policy to the specified user - try with S3 Full Access; you can fine-grain the access once this works. For more information, check this link [Managing IAM Policies]
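As an added example (not part of the original question or answers), the sketch below checks which of the SDK calls discussed in this thread an identity policy would allow, so access can be narrowed without guessing. It goes beyond the thread by also covering `getObject` and the bucket-ARN versus object-ARN distinction. Assumptions: the bucket name, object key and `Resource` scoping are constructed, and the evaluator is a simplification that ignores conditions, `NotAction`, bucket policies and Block Public Access.

```python
import fnmatch

BUCKET_ARN = "arn:aws:s3:::example-bucket"      # constructed bucket name
OBJECT_ARN = BUCKET_ARN + "/reports/2024.csv"   # constructed object key

# Actions listed in the question, as one Allow statement. The Resource
# scoping is an assumption: the question does not show it.
QUESTION_POLICY = [{
    "Effect": "Allow",
    "Action": [
        "s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectAcl",
        "s3:GetBucketAcl", "s3:GetBucketCORS", "s3:GetBucketLocation",
        "s3:GetBucketLogging", "s3:ListBucket", "s3:ListBucketVersions",
        "s3:ListBucketMultipartUploads", "s3:GetObjectTorrent",
        "s3:GetObjectVersionAcl",
    ],
    "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"],
}]

# Constructed policy: bucket-level s3:ListBucket scoped to object ARNs only.
OBJECT_SCOPED_POLICY = [{"Effect": "Allow", "Resource": [BUCKET_ARN + "/*"],
                         "Action": ["s3:ListBucket", "s3:GetObject"]}]

# SDK v1 call -> (IAM action, resource ARN the action is checked against)
SDK_CALLS = {
    "createBucket": ("s3:CreateBucket", BUCKET_ARN),
    "listObjects": ("s3:ListBucket", BUCKET_ARN),
    "getObject": ("s3:GetObject", OBJECT_ARN),
}

def _matches(patterns, value, fold=False):
    patterns = [patterns] if isinstance(patterns, str) else patterns
    if fold:  # IAM action names are case-insensitive
        patterns, value = [p.lower() for p in patterns], value.lower()
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def evaluate(policy, action, resource):
    """Implicit deny by default; an explicit Deny overrides any Allow."""
    decision = "Deny"
    for stmt in policy:
        if _matches(stmt["Action"], action, True) and _matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision

def check_calls(policy, calls):
    return {call: evaluate(policy, *SDK_CALLS[call]) for call in calls}

if __name__ == "__main__":
    print(check_calls(QUESTION_POLICY, ["createBucket", "listObjects"]))
```

With the question's action list, `createBucket` is denied because `s3:CreateBucket` is not granted, while `listObjects` is allowed.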
Answer by phongnt
In the permission tab of the bucket, I uncheck:
- Manage public access control lists (ACLs) for this bucket
- Block new public ACLs and uploading public objects (Recommended)
and the problem was gone.
Answer by Karthik Karuppannan
If you still see the error even after setting the right IAM policy and checking the bucket/path, check the Apache HTTP client dependency. The Apache HTTP client 4.5.5 works fine, while 4.5.7 and above fail for some weird reason (not properly encoding the folder path separators). You will have to explicitly set the Apache HTTP client version to 4.5.5 in that case, or at least some other version that works.