
AWS S3 upload without access and secret key in Java

I want to upload a file to S3 without using my access and secret key from the AWS server. The AWS keys should be taken as the defaults. However, running the command below on the server, I can access it without providing any access or secret keys.

aws s3 cp somefile.txt s3://somebucket/

From Java code it's not accessible, since it was unable to load credentials. Below is my code.

AmazonS3 s3client = new AmazonS3Client(new DefaultAWSCredentialsProviderChain());

You can use the Java code below to get the s3Client instance when you are trying to connect to an S3 bucket from an EC2 instance.

AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
              .withCredentials(new InstanceProfileCredentialsProvider(false))
              .build();

This is the recommended way, as the application doesn't need to maintain the access keys in property files.

  • An IAM role should be created and S3 access should be granted to that role. See the sample policy below.
  • The IAM role should be assigned to the EC2 instance.

Sample policy for the IAM role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowBucketLinux",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:ListBucket",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::yourBucketName",
                "arn:aws:s3:::yourBucketName/*"
            ]
        }
    ]
}

As per the documentation, the AWS credentials provider chain looks for credentials in this order:

  1. Environment variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED, since they are recognized by all the AWS SDKs and the CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by the Java SDK)
  2. Java system properties - aws.accessKeyId and aws.secretKey
  3. Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
  4. Credentials delivered through the Amazon EC2 container service, if the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and the security manager has permission to access the variable
  5. Instance profile credentials delivered through the Amazon EC2 metadata service

Check that you have specified valid credentials in any of the above.
Ref: http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html
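An added example (not code from the question or either answer) that walks the providers in the order listed above, reports which one actually supplied credentials without ever logging the secret key, and then performs the upload with that provider. The class name, bucket name and file name are placeholders; the provider classes are the AWS SDK for Java v1 ones that back the default chain.

```java
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper;
import com.amazonaws.auth.EnvironmentVariableCredentialsProvider;
import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import java.io.File;

public class S3UploadDiagnostics { // hypothetical class name
    /** Providers in the order the SDK v1 default chain consults them. */
    static AWSCredentialsProvider[] chainInOrder() {
        return new AWSCredentialsProvider[] {
            new EnvironmentVariableCredentialsProvider(),  // AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
            new SystemPropertiesCredentialsProvider(),     // -Daws.accessKeyId / -Daws.secretKey
            new ProfileCredentialsProvider(),              // ~/.aws/credentials, [default] profile
            new EC2ContainerCredentialsProviderWrapper(),  // ECS task role; falls back to instance metadata
            new InstanceProfileCredentialsProvider(false)  // EC2 instance role via the metadata service
        };
    }

    /** Returns the first provider that yields credentials, or null. Secrets are never printed. */
    static AWSCredentialsProvider firstWorkingProvider() {
        for (AWSCredentialsProvider p : chainInOrder()) {
            String name = p.getClass().getSimpleName();
            try {
                // Off EC2/ECS, the last two providers may wait a few seconds before failing.
                AWSCredentials c = p.getCredentials();
                String id = c.getAWSAccessKeyId();
                // Only a short prefix of the key id is logged; the secret key must never reach logs.
                System.out.printf("%s -> credentials found (key id %s...)%n", name, id.substring(0, Math.min(4, id.length())));
                return p;
            } catch (RuntimeException e) { // SdkClientException and friends all extend RuntimeException
                System.out.printf("%s -> no credentials (%s)%n", name, e.getMessage());
            }
        }
        return null;
    }

    public static void main(String[] args) {
        AWSCredentialsProvider provider = firstWorkingProvider();
        if (provider == null) throw new IllegalStateException("No provider in the chain supplied credentials");
        // Region is resolved by the default region provider chain (env var, profile, or EC2 metadata).
        AmazonS3 s3 = AmazonS3ClientBuilder.standard().withCredentials(provider).build();
        // Bucket and file names are placeholders taken from the question.
        s3.putObject("somebucket", "somefile.txt", new File("somefile.txt"));
    }
}
```

When this runs on the EC2 instance from the question, the first four providers should report no credentials and InstanceProfileCredentialsProvider should succeed; if instead an earlier provider succeeds, a stale key in the environment or ~/.aws/credentials is being used rather than the instance role.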
