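Amazon Web Services: AWS S3 Java SDK Access Denied

I am trying to access a bucket and all of its objects using the AWS SDK, but when I run the code I get this exception: Exception in thread "main" com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: X), S3 Extended Request ID: Y=

Although I have been granted all of the following permissions, please tell me what I am missing and why the Access Denied error occurs: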

s3:GetObject
s3:GetObjectVersion
s3:GetObjectAcl
s3:GetBucketAcl
s3:GetBucketCORS
s3:GetBucketLocation
s3:GetBucketLogging
s3:ListBucket
s3:ListBucketVersions
s3:ListBucketMultipartUploads
s3:GetObjectTorrent
s3:GetObjectVersionAcl

The code is as follows:

AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
ClientConfiguration clientConfig = new ClientConfiguration();
clientConfig.setProtocol(Protocol.HTTP);
AmazonS3 conn = new AmazonS3Client(credentials, clientConfig);
conn.setEndpoint(bucketName);
Bucket bucket = conn.createBucket(bucketName);
ObjectListing objects = conn.listObjects(bucket.getName());
while (true) {
    for (S3ObjectSummary objectSummary : objects.getObjectSummaries()) {
            System.out.println(objectSummary.getKey() + "\t" +
                    objectSummary.getSize() + "\t" +
                    StringUtils.fromDate(objectSummary.getLastModified()));
    }
    // Print every page, including the last one, before asking for more.
    if (!objects.isTruncated()) {
        break;
    }
    objects = conn.listNextBatchOfObjects(objects);
}

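6 answers

  1. # Answer 1

    The problem is solved now. The code had the following problems:

    1. The endpoint was incorrect; it should be a correct endpoint
    2. The bucket had not been given enough permissions. The bucket should have the full list of permissions before it is used in the AWS SDK

    Below is the correct code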

    AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
    ClientConfiguration clientConfig = new ClientConfiguration();
    clientConfig.setProtocol(Protocol.HTTP);
    AmazonS3 conn = new AmazonS3Client(credentials, clientConfig);
    conn.setEndpoint("correct end point");
    Bucket bucket = conn.createBucket(bucketName);
    ObjectListing objects = conn.listObjects(bucket.getName());
    while (true) {
        for (S3ObjectSummary objectSummary : objects.getObjectSummaries()) {
                System.out.println(objectSummary.getKey() + "\t" +
                        objectSummary.getSize() + "\t" +
                        StringUtils.fromDate(objectSummary.getLastModified()));
        }
        // Print every page, including the last one, before asking for more.
        if (!objects.isTruncated()) {
            break;
        }
        objects = conn.listNextBatchOfObjects(objects);
    }
    
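  2. # Answer 2

    Go to IAM and check whether the user [Access Key & Secret Key] used for the API has permission to use the S3-based APIs

    Attach an S3 policy to the specified user. Try S3 full access first; once that works, you can fine-tune the access. For more information, see this link [Managing IAM Policies]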

  3. # Answer 3

    In the bucket's Permissions tab, I unchecked:

    • Manage public access control lists (ACLs) for this bucket
    • Block new public ACLs and uploading public objects (Recommended)

    The problem went away

  4. # Answer 4

    // Code that saves an image to an S3 bucket

    byte[] imageBytes = request.getThumbnail().readAllBytes();
    InputStream inputStream = new ByteArrayInputStream(imageBytes);

    ObjectMetadata metadata = new ObjectMetadata();
    metadata.setContentLength(imageBytes.length);
    metadata.setContentType("image/png");
    String image = String.valueOf(System.currentTimeMillis());

    // String image=String.valueOf(System.getProperty(String.valueOf(inputRequest)));

    String key = "image/" + image;

    s3.putObject(new PutObjectRequest(bucketName, key, inputStream, metadata)
      .withCannedAcl(CannedAccessControlList.Private));
    
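  5. # Answer 5

    I ran into the same exception, and this is how I solved it

    The S3 bucket objects are encrypted with server-side KMS. I had to add the app/Lambda role as a user of the encryption key

  6. # Answer 6

    If you still see the error after setting the correct IAM policy and checking the bucket/path, check the Apache HTTP client dependency. Apache HTTP client 4.5.5 works fine, while 4.5.7 and above fail for some strange reason (folder path separators are not encoded correctly). In that case you must explicitly set the Apache HTTP client version to 4.5.5, or at least some other version that works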
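
Added example, not part of the question or of any answer above and not AWS's own code: a simplified model of IAM identity-policy evaluation, run against the twelve actions listed in the question and the calls the posted code makes. It shows that `createBucket()` needs `s3:CreateBucket`, which is not in that list, and that reading an SSE-KMS object (answer 5) additionally needs `kms:Decrypt` on the key. The bucket name, key ARN, object key and the way the actions are scoped to resources are assumptions; bucket policies, ACLs and conditions are not modelled, and the code needs Java 16 or later for `record`.

```java
import java.util.List;
import java.util.regex.Pattern;

// Simplified model of IAM identity-policy evaluation (teaching aid, not AWS's implementation).
public class S3AccessCheck {
    record Statement(String effect, List<String> actions, List<String> resources) {}

    // IAM wildcard match: '*' is any run of characters, '?' is exactly one character.
    static boolean glob(String pattern, String value, boolean ignoreCase) {
        StringBuilder re = new StringBuilder();
        for (char c : pattern.toCharArray()) {
            re.append(c == '*' ? ".*" : c == '?' ? "." : Pattern.quote(String.valueOf(c)));
        }
        int flags = ignoreCase ? Pattern.CASE_INSENSITIVE : 0;
        return Pattern.compile(re.toString(), flags).matcher(value).matches();
    }

    // Explicit Deny wins; otherwise one matching Allow is required; no match is an implicit deny.
    static String evaluate(List<Statement> policy, String action, String resource) {
        boolean allowed = false;
        for (Statement s : policy) {
            boolean hit = s.actions().stream().anyMatch(a -> glob(a, action, true))       // action names ignore case
                       && s.resources().stream().anyMatch(r -> glob(r, resource, false)); // ARNs are case-sensitive
            if (hit && s.effect().equals("Deny")) return "explicit deny";
            allowed |= hit;
        }
        return allowed ? "allow" : "implicit deny";
    }

    public static void main(String[] args) {
        String bucket = "arn:aws:s3:::example-bucket";                     // constructed bucket ARN
        String kmsKey = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE";  // constructed placeholder
        // The twelve actions from the question; splitting them by resource type is an assumption.
        List<Statement> policy = List.of(
            new Statement("Allow", List.of("s3:GetBucketAcl", "s3:GetBucketCORS", "s3:GetBucketLocation",
                "s3:GetBucketLogging", "s3:ListBucket", "s3:ListBucketVersions",
                "s3:ListBucketMultipartUploads"), List.of(bucket)),
            new Statement("Allow", List.of("s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectAcl",
                "s3:GetObjectTorrent", "s3:GetObjectVersionAcl"), List.of(bucket + "/*")));
        // SDK call, the IAM action it requires, and the resource that action is checked against.
        String[][] requests = {
            {"createBucket()", "s3:CreateBucket", bucket},
            {"listObjects()", "s3:ListBucket", bucket},
            {"getObject()", "s3:GetObject", bucket + "/image/1"},
            {"getObject() on SSE-KMS object", "kms:Decrypt", kmsKey},
        };
        for (String[] r : requests) {
            System.out.printf("%-30s %-16s -> %s%n", r[0], r[1], evaluate(policy, r[1], r[2]));
        }
    }
}
```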