如何使用aws sdk v2将object复制到不同的亚马逊账户?
[英]How to copy object to different amazon account using aws sdk v2?
问题描述
I am working on java project in which I am using aws sdk v2 for using amazon s3 services.
我正在从事 java 项目,在该项目中我使用 aws sdk v2 来使用 amazon s3 服务。 I am performing copy operation it is working with same account but not working with different account.我正在执行复制操作,它使用相同的帐户但不使用不同的帐户。
Code:-代码:-
public void copyObjects(S3Object[] s3DestObjects, String sDestBucket, String sSourceBucket, String sSourceObject) {
try {
AwsBasicCredentials awsCreds = AwsBasicCredentials.create(
ACCESS_KEY,
SECRET_KEY);
S3ClientBuilder s3ClientBuilder =
S3Client.builder().credentialsProvider(StaticCredentialsProvider.create(awsCreds));
s3ClientBuilder.region(Region.US_EAST_2);
S3Client s3Client = s3ClientBuilder.build();
String encodedUrl = null;
try {
encodedUrl = URLEncoder.encode(sSourceBucket + "/" + sSourceObject, StandardCharsets.UTF_8.toString());
} catch (UnsupportedEncodingException e) {
System.out.println("URL could not be encoded: " + e.getMessage());
}
for (S3Object s3DestObject : s3DestObjects) {
//CopyObjectRequest copyObjectRequest = CopyObjectRequest.builder().destinationBucket(dstBucket).destinationKey(dstS3Object.key).copySource(encodedUrl).build();
CopyObjectRequest copyObjectRequest = CopyObjectRequest.builder()
.copySource(encodedUrl)
.destinationBucket(sDestBucket)
.destinationKey(s3DestObject.key)
.metadata(s3DestObject.getMetadata()).metadataDirective(MetadataDirective.REPLACE)
.build();
CopyObjectResponse copyObjectResponse = s3Client.copyObject(copyObjectRequest);
}
} catch (S3Exception e) {
throw e;
}
}
This above code is working with same account bucket but not working with different account bucket and getting error:-上面的代码使用相同的帐户存储桶,但不使用不同的帐户存储桶并出现错误:-
Access Denied (Service: S3, Status Code: 403, Request ID: 4VCND27Z6P3CEJ8H, Extended Request ID: 2T88jx4+R+LjO74pBHOhJj8uOUx6M4Hx3UYYkWm4Sbf6cb9NVM8f5DvFcanv0rbXhZUfEkqpSuI=)
please suggest how can i do copy objects to different accounts?请建议我如何将对象复制到不同的帐户?
1 个解决方案
解决方案1
2 2021-10-08 23:24:14
It appears your situation is:看来你的情况是:
- You have Amazon S3 buckets in different AWS Accounts您在不同的 AWS 账户中有 Amazon S3 存储桶
- You wish to copy objects between the buckets您希望在存储桶之间复制对象
There are two ways to do this:有两种方法可以做到这一点:
1. 'Push' the objects 1.“推”对象
If your code is running in Account A and you wish to copy from a bucket in Account A to a bucket in Account B, then you will need:如果您的代码在账户 A 中运行,并且您希望从账户 A 中的存储桶复制到账户 B 中的存储桶,那么您将需要:
- Permission on the IAM Entity (eg IAM User or IAM Role) that is being used by your program to write to the bucket in Account B, AND您的程序正在使用 IAM 实体(例如 IAM 用户或 IAM 角色)写入账户 B 中的存储桶的权限,以及
- A bucket policy on the bucket in Account B that permits the IAM Entity used by your program to write to the bucket账户 B 中存储桶的存储桶策略,允许您的程序使用的 IAM 实体写入存储桶
- When copying the object, you must set
ACL=bucket-owner-full-controlto 'hand-over' ownership of the object to the destination AWS Account复制 object 时,您必须设置ACL=bucket-owner-full-control以将 object 的所有权“移交”到目标 AWS 账户
OR或者
2. 'Pull' the objects 2.“拉”对象
If your code is running in Account B and you wish to copy from a bucket in Account A to a bucket in Account B, then you will need:如果您的代码在账户 B 中运行,并且您希望从账户 A 中的存储桶复制到账户 B 中的存储桶,那么您将需要:
- Permission on the IAM Entity (eg IAM User or IAM Role) that is being used by your program to read from the bucket in Account A, AND您的程序正在使用 IAM 实体(例如 IAM 用户或 IAM 角色)从账户 A 中的存储桶中读取的权限,以及
- A bucket policy on the bucket in Account A that permits the IAM Entity used by your program to read from the bucket账户 A 中存储桶的存储桶策略,允许您的程序使用的 IAM 实体从存储桶中读取数据
Note that in both cases, your program needs permission from the AWS Account it is running in AND a bucket policy on the bucket in the other AWS Account.请注意,在这两种情况下,您的程序都需要来自运行它的 AWS 账户的权限以及其他 AWS 账户中存储桶的存储桶策略。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.