AWS S3 Java:dosObjectExist结果为403:禁止
[英]AWS S3 Java: doesObjectExist results in 403: FORBIDDEN
问题描述
I'm having trouble with my Java program using the AWS SDK to interact with an S3 bucket. 
使用AWS开发工具包与S3存储桶进行交互的Java程序遇到问题。
This is the code I use to create an S3 client: 这是我用来创建S3客户端的代码:
public S3StorageManager(S3Config config) throws StorageException {
BasicAWSCredentials credentials = new BasicAWSCredentials(myAccessKey(), mySecretKey());
AWSStaticCredentialsProvider provider = new AWSStaticCredentialsProvider(credentials);
this.s3Client = AmazonS3ClientBuilder
.standard()
.withCredentials(provider)
.withRegion(myRegion)
.build();
When I try to download a file, before starting the download I check wether the file exists or not with: 当我尝试下载文件时,在开始下载之前,请使用以下命令检查文件是否存在:
s3Client.doesObjectExists(bucketName, objectName);
This is where I get 403: FORBIDDEN. 这是我得到403:禁止的地方。 The weird thing is this problem is raised only when I try to perform an object existence check before performing uploads in the same session. 奇怪的是,仅当我尝试在同一会话中执行上传之前尝试执行对象存在检查时,才会引发此问题。 In other words, after initializing the s3Client: - if I first try to check if an object exists, it raises the FORBIDDEN problem; 换句话说,在初始化s3Client之后:-如果我首先尝试检查对象是否存在,它将引发FORBIDDEN问题; - if I first perform file upload, it works fine and after that any object existence check works fine as well; -如果我第一次执行文件上传,则可以正常工作,然后进行任何对象存在检查也可以;
Here is my stacktrace: 这是我的堆栈跟踪:
com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Reques
t ID: A23BB805491E411F)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1588) ~[aws-java-sdk-core-1.
11.128.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1258) ~[aws-java-sdk-core-1.11
.128.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1030) ~[aws-java-sdk-core-1.11.128
.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742) ~[aws-java-sdk-core-1.11.128.jar:
?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716) ~[aws-java-sdk-core-1.11.1
28.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699) ~[aws-java-sdk-core-1.11.128.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667) ~[aws-java-sdk-core-1.11.128.jar
:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649) ~[aws-java-sdk-core-1.1
1.128.jar:?]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513) ~[aws-java-sdk-core-1.11.128.jar:?]
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4169) ~[aws-java-sdk-s3-1.11.128.jar:?]
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4116) ~[aws-java-sdk-s3-1.11.128.jar:?]
at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:1237) ~[aws-java-sdk-s3-1.11.128.jar:?]
at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:1213) ~[aws-java-sdk-s3-1.11.128.jar:?]
at com.amazonaws.services.s3.AmazonS3Client.doesObjectExist(AmazonS3Client.java:1272) ~[aws-java-sdk-s3-1.11.128.jar:?]
Another weird thing is that all these problems started when I moved my Java program an EC2 remote machine. 另一个奇怪的是,所有这些问题都是在我将Java程序移至EC2远程计算机时开始的。 If I execute it on my local machine, the S3 interaction works fine. 如果我在本地计算机上执行它,则S3交互可以正常工作。 However I don't think the problem depends on the IAM roles, since I use the AWSStaticCredentialsProvider. 但是,我认为问题不取决于IAM角色,因为我使用的是AWSStaticCredentialsProvider。
4 个解决方案
解决方案1
2 2017-06-19 13:41:11
Your credentials may be correct, but you will still get FORBIDDEN if you do not set the correct IAM polices. 您的凭据可能是正确的,但是如果您没有设置正确的IAM策略,您仍然会被禁止。 To check for objects in s3 you need the following: 要检查s3中的对象,您需要:
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:ListBucket"
],
"Resource":["arn:aws:s3:::examplebucket/*"]
},
{
"Effect":"Allow",
"Action":[
"s3:GetObject"
],
"Resource":["arn:aws:s3:::examplebucket/*"]
}
]
}
解决方案2
1 2017-09-15 12:10:37
确保在您发出请求的机器上正确设置了日期时间,否则将收到403。
解决方案3
1 2019-03-07 06:25:47
您需要对存储桶执行操作“ ListBucket”,而不需要对存储桶中的文件执行操作,例如:{“ Action”:[“ s3:ListBucket”],“ Resource”:“ arn:aws:s3 ::: bucketName”,“效果”:“允许”}
解决方案4
0 2017-05-30 08:16:29
I really look like an IAM policy issue. 我真的看起来像是IAM政策问题。 What is your user's policies on your local machine vs what is your IAM role with which policy(ies)? 您在本地计算机上的用户策略是什么?与哪些IAM角色一起使用哪个策略? For your EC2 instance, when you create it, create a role with "AmazonS3FullAccess" policy, if it solves the problem you'll remove the useless rights. 对于您的EC2实例,在创建它时,请使用“ AmazonS3FullAccess”策略创建一个角色,如果它解决了问题,您将删除无用的权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.