如何使用在端口443上部署的API尝试读取S3对象来修复AWS S3上的访问被拒绝的问题

Question

I have a Restful API (asp .net 4.5.2) deployed on EC2 instance and EC2 instance is having IAM role for accessing S3 bucket (full access to bucket). Now when I am trying to read the objects in bucket, it is returning Access Denied (403) in response and when I am trying to upload any attachment via pre-signed url, it is returning AWS signature mismatch in response when my API is deployed on port 443 but it is working fine when API is deployed on any other port like 80/81 and bucket is accessible through aws-cli. Any idea why it might be happening?

my code snippets for reading objects:

using (var s3Client = new AmazonS3Client(bucketRegion))
{
ListObjectsV2Request request = new ListObjectsV2Request
{
BucketName = bucketName,
MaxKeys = 10
};
ListObjectsV2Response response;

response = s3Client.ListObjectsV2Async(request).Result;
            // Process the response.
            foreach (S3Object entry in response.S3Objects)
            {
                keyValuePairs.Add(entry.Key, entry.Size);
            }

}

Answer 1

I need to pass the InstanceProfileAWSCredentials profile while instantiating s3Client object and it solved my problem.

var profile = new InstanceProfileAWSCredentials();
using (var s3Client = new AmazonS3Client(profile, bucketRegion))
{
ListObjectsV2Request request = new ListObjectsV2Request
{
BucketName = bucketName,
MaxKeys = 10
};
ListObjectsV2Response response;

response = s3Client.ListObjectsV2Async(request).Result;
        // Process the response.
        foreach (S3Object entry in response.S3Objects)
        {
            keyValuePairs.Add(entry.Key, entry.Size);
        }

}

Answer 2

This could be an issue related to your security group on EC2 instances. you have to open port 443 (HTTPS). if this does not work the issue is related to port being in use by another application. check all your services that uses port 443.