[英]com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied
Here's my Java code:这是我的Java代码:
AmazonS3 conn = new AmazonS3Client();
AmazonS3URI uri = new AmazonS3URI(s3uri);
ObjectListing objects = conn.listObjects(uri.getBucket(), uri.getKey());
A very simple task, I try to use AmazonS3 Java client to access S3, but this line conn.listObjects
keeps failing and gave me the following exception:一个非常简单的任务,我尝试使用 AmazonS3 Java 客户端访问 S3,但是这一行
conn.listObjects
一直失败并给了我以下异常:
Exception in thread "main" com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: XXXXXXXX), S3 Extended Request ID: xxxxxxxxx
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1389)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:902)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:607)
at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:376)
at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:338)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:287)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3826)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3778)
at com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:610)
at com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:588)
A very obvious error code: 403 which denotes my aws credentials are wrong, however, this is exactly the same credentials that my coworkers are using to access the same s3 bucket, to rule out the possibility that I have a typo somewhere, I literally deleted my previous one and used the same one that my coworkers sent to me and put them under ~/.aws/一个非常明显的错误代码:403 表示我的 aws 凭据错误,但是,这与我的同事用来访问同一个 s3 存储桶的凭据完全相同,以排除我在某处输入错误的可能性,我从字面上删除我以前的一个,使用的是我同事发给我的同一个,并将它们放在 ~/.aws/ 下
I also researched other possible reasons, one could be that this S3 bucket doesn't give the permissions to my IAM role, apparently that is not be my case either.我还研究了其他可能的原因,一个可能是这个 S3 存储桶没有向我的 IAM 角色授予权限,显然这也不是我的情况。
Any help please?请问有什么帮助吗? What could be the culprit?
罪魁祸首可能是什么?
The AWS SDK for Java has a DefaultAWSCredentialsProviderChain
that checks credentials in this order:适用于 Java 的 AWS 开发工具包有一个
DefaultAWSCredentialsProviderChain
,它按以下顺序检查凭证:
~/.aws/credentials
) shared by all AWS SDKs and the AWS CLI~/.aws/credentials
) 中的凭证配置文件AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
environment variable is set and security manager has permission to access the variableAWS_CONTAINER_CREDENTIALS_RELATIVE_URI
环境变量并且安全管理员有权访问该变量,则通过Amazon EC2 容器服务交付的凭证It is possible that your credentials are being set prior to your desired configuration file being consulted.有可能在查阅所需的配置文件之前设置了您的凭据。
One way to check which credentials are being used is to use the aws iam get-user
command to show the current user.检查正在使用哪些凭据的一种方法是使用
aws iam get-user
命令显示当前用户。 You could also try that in Java with the GetUser()
call.您也可以使用
GetUser()
调用在 Java 中尝试。
如果它对任何人有帮助 - 我收到此错误是因为在尝试上传到存储桶时未指定服务器端加密时存储桶策略设置为拒绝s3:x-amz-server-side-encryption
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.