com.amazonaws.services.s3.model.AmazonS3Exception:访问被拒绝
[英]com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied
问题描述
Here's my Java code:
这是我的Java代码:
AmazonS3 conn = new AmazonS3Client();
AmazonS3URI uri = new AmazonS3URI(s3uri);
ObjectListing objects = conn.listObjects(uri.getBucket(), uri.getKey());
A very simple task, I try to use AmazonS3 Java client to access S3, but this line conn.listObjects keeps failing and gave me the following exception:一个非常简单的任务,我尝试使用 AmazonS3 Java 客户端访问 S3,但是这一行conn.listObjects一直失败并给了我以下异常:
Exception in thread "main" com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: XXXXXXXX), S3 Extended Request ID: xxxxxxxxx
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1389)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:902)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:607)
at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:376)
at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:338)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:287)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3826)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3778)
at com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:610)
at com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:588)
A very obvious error code: 403 which denotes my aws credentials are wrong, however, this is exactly the same credentials that my coworkers are using to access the same s3 bucket, to rule out the possibility that I have a typo somewhere, I literally deleted my previous one and used the same one that my coworkers sent to me and put them under ~/.aws/
一个非常明显的错误代码:403 表示我的 aws 凭据错误,但是,这与我的同事用来访问同一个 s3 存储桶的凭据完全相同,以排除我在某处输入错误的可能性,我从字面上删除我以前的一个,使用的是我同事发给我的同一个,并将它们放在 ~/.aws/ 下I also researched other possible reasons, one could be that this S3 bucket doesn't give the permissions to my IAM role, apparently that is not be my case either.
我还研究了其他可能的原因,一个可能是这个 S3 存储桶没有向我的 IAM 角色授予权限,显然这也不是我的情况。
Any help please?请问有什么帮助吗? What could be the culprit?罪魁祸首可能是什么?
2 个解决方案
解决方案1
8 已采纳 2017-03-15 02:17:27
The AWS SDK for Java has a DefaultAWSCredentialsProviderChain that checks credentials in this order:适用于 Java 的 AWS 开发工具包有一个DefaultAWSCredentialsProviderChain ,它按以下顺序检查凭证:
- Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)环境变量- AWS_ACCESS_KEY_ID 和 AWS_SECRET_ACCESS_KEY(推荐,因为它们被除 .NET 之外的所有 AWS 开发工具包和 CLI 识别),或 AWS_ACCESS_KEY 和 AWS_SECRET_KEY(仅被 Java 开发工具包识别)
- Java System Properties - aws.accessKeyId and aws.secretKey Java 系统属性- aws.accessKeyId 和 aws.secretKey
- Credential profiles file at the default location (
~/.aws/credentials) shared by all AWS SDKs and the AWS CLI所有 AWS 开发工具包和 AWS CLI 共享的默认位置 ( ~/.aws/credentials) 中的凭证配置文件 - Credentials delivered through the Amazon EC2 container service if
AWS_CONTAINER_CREDENTIALS_RELATIVE_URIenvironment variable is set and security manager has permission to access the variable如果设置了AWS_CONTAINER_CREDENTIALS_RELATIVE_URI环境变量并且安全管理员有权访问该变量,则通过Amazon EC2 容器服务交付的凭证 - Instance profile credentials delivered through the Amazon EC2 metadata service通过Amazon EC2 元数据服务交付的实例配置文件凭证
It is possible that your credentials are being set prior to your desired configuration file being consulted.有可能在查阅所需的配置文件之前设置了您的凭据。
One way to check which credentials are being used is to use the aws iam get-user command to show the current user.检查正在使用哪些凭据的一种方法是使用aws iam get-user命令显示当前用户。 You could also try that in Java with the GetUser() call.您也可以使用GetUser()调用在 Java 中尝试。
解决方案2
0 2020-10-22 17:38:30
如果它对任何人有帮助 - 我收到此错误是因为在尝试上传到存储桶时未指定服务器端加密时存储桶策略设置为拒绝s3:x-amz-server-side-encryption 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.