403 - 在AWS EC2实例上运行的服务上列出对象时的AccessDenied

Question

I have an EC2 instance running with an IAM role attached to it.

If I run the following on the terminal of that instance it correctly lists the content of the bucket.

aws s3 ls --region my-region s3://my-bucket-name

But if I run what I think is the same code, but in Java, I get a 403

AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
        .withRegion(my-region)
        .withCredentials(new InstanceProfileCredentialsProvider(false))
        .withPayloadSigningEnabled(true)
        .build();
s3Client.listObjectsV2(my-bucket-name);

Generates the following

com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied

Same goes for the original listObjects

s3Client.listObjects(TestArtefactsBucket);

Since I am using InstanceProfileCredentialsProvider, this should be using the same profile as used by the CLI, so therefore be using the same permissions?

I'm using com.amazonaws:aws-java-sdk-s3:1.11.93 and since it was mentioned in another thread, I'm using joda-time:joda-time:2.9.7.

Version of Java is java-1.8.0-openjdk.x86_64.

Any help would be appreciated, I'm convinced the permissions are set up correctly, but I am having no luck getting access.

I should also add that I can list the bucket content running the following cli command on the EC2 instance as wel

aws s3api list-objects-v2 --region my-region --bucket my-bucket

Thanks

Answer 1

At first you have to check your IAM role [ Access Key & Secret Key ] which is being used for the API.

If [ Access Key & Secret Key ] is ok and you are facing same problem then you need to check IAM role policy, set S3 Full Access. This access permission is very much important and most of the time this permission setting solve access denied problem. Hope it will work for you.

S3 access permission

Still not working? Then check bucket policy, who can read and write objects in the bucket.