java com.amazonaws.services.s3.model.AmazonS3Exception:访问被拒绝
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/42798926/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied
提问by Fisher Coder
Here's my Java code:
这是我的Java代码:
AmazonS3 conn = new AmazonS3Client();
AmazonS3URI uri = new AmazonS3URI(s3uri);
ObjectListing objects = conn.listObjects(uri.getBucket(), uri.getKey());
A very simple task, I try to use AmazonS3 Java client to access S3, but this line conn.listObjectskeeps failing and gave me the following exception:
一个非常简单的任务,我尝试使用 AmazonS3 Java 客户端来访问 S3,但是这一行conn.listObjects一直失败并给了我以下异常:
Exception in thread "main" com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: XXXXXXXX), S3 Extended Request ID: xxxxxxxxx
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1389)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:902)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:607)
at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:376)
at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:338)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:287)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3826)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3778)
at com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:610)
at com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:588)
A very obvious error code: 403 which denotes my aws credentials are wrong, however, this is exactly the same credentials that my coworkers are using to access the same s3 bucket, to rule out the possibility that I have a typo somewhere, I literally deleted my previous one and used the same one that my coworkers sent to me and put them under ~/.aws/
I also researched other possible reasons, one could be that this S3 bucket doesn't give the permissions to my IAM role, apparently that is not be my case either.
一个非常明显的错误代码:403 表示我的 aws 凭据错误,但是,这与我的同事用来访问同一个 s3 存储桶的凭据完全相同,以排除我在某处输入错误的可能性,我从字面上删除我以前的一个,使用的是我同事发给我的同一个,并将它们放在 ~/.aws/ 下
我还研究了其他可能的原因,一个可能是这个 S3 存储桶没有向我的 IAM 角色授予权限,显然这也不是我的情况。
Any help please? What could be the culprit?
请问有什么帮助吗?罪魁祸首可能是什么?
回答by John Rotenstein
The AWS SDK for Java has a DefaultAWSCredentialsProviderChainthat checks credentials in this order:
适用于 Java 的 AWS 开发工具包DefaultAWSCredentialsProviderChain按以下顺序检查凭证:
- Environment Variables- AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
- Java System Properties- aws.accessKeyId and aws.secretKey
- Credential profiles fileat the default location (
~/.aws/credentials) shared by all AWS SDKs and the AWS CLI - Credentials delivered through the Amazon EC2 container serviceif
AWS_CONTAINER_CREDENTIALS_RELATIVE_URIenvironment variable is set and security manager has permission to access the variable - Instance profile credentials delivered through the Amazon EC2 metadata service
- 环境变量- AWS_ACCESS_KEY_ID 和 AWS_SECRET_ACCESS_KEY(推荐,因为它们被除 .NET 之外的所有 AWS 开发工具包和 CLI 识别),或 AWS_ACCESS_KEY 和 AWS_SECRET_KEY(仅被 Java 开发工具包识别)
- Java 系统属性- aws.accessKeyId 和 aws.secretKey
- 默认位置 (
~/.aws/credentials) 中的凭证配置文件由所有 AWS 开发工具包和 AWS CLI 共享 - 如果设置了环境变量并且安全管理员有权访问该变量,则通过Amazon EC2 容器服务交付的凭据
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI - 通过Amazon EC2 元数据服务交付的实例配置文件凭证
It is possible that your credentials are being set prior to your desired configuration file being consulted.
可能在查阅所需的配置文件之前设置了您的凭据。
One way to check which credentials are being used is to use the aws iam get-usercommand to show the current user. You could also try that in Java with the GetUser()call.
检查正在使用哪些凭据的一种方法是使用该aws iam get-user命令显示当前用户。您也可以通过GetUser()调用在 Java 中尝试。
