stackoom
  简体   繁体   中英

AWS S3 Java: doesObjectExist results in 403: FORBIDDEN

 原文  2017-05-30 07:50:37       java/ amazon-web-services/ amazon-s3/ amazon-ec2/ http-status-code-403

Question

I'm having trouble with my Java program using the AWS SDK to interact with an S3 bucket.

This is the code I use to create an S3 client: 

public S3StorageManager(S3Config config) throws StorageException {

   BasicAWSCredentials credentials = new BasicAWSCredentials(myAccessKey(), mySecretKey());
   AWSStaticCredentialsProvider provider = new AWSStaticCredentialsProvider(credentials);

   this.s3Client = AmazonS3ClientBuilder
        .standard()
        .withCredentials(provider)
        .withRegion(myRegion)
        .build();

When I try to download a file, before starting the download I check wether the file exists or not with: 

s3Client.doesObjectExists(bucketName, objectName);

This is where I get 403: FORBIDDEN. The weird thing is this problem is raised only when I try to perform an object existence check before performing uploads in the same session. In other words, after initializing the s3Client: - if I first try to check if an object exists, it raises the FORBIDDEN problem; - if I first perform file upload, it works fine and after that any object existence check works fine as well;

Here is my stacktrace: 

com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Reques
t ID: A23BB805491E411F)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1588) ~[aws-java-sdk-core-1.
11.128.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1258) ~[aws-java-sdk-core-1.11
.128.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1030) ~[aws-java-sdk-core-1.11.128
.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742) ~[aws-java-sdk-core-1.11.128.jar:
?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716) ~[aws-java-sdk-core-1.11.1
28.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699) ~[aws-java-sdk-core-1.11.128.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667) ~[aws-java-sdk-core-1.11.128.jar
:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649) ~[aws-java-sdk-core-1.1
1.128.jar:?]
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513) ~[aws-java-sdk-core-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4169) ~[aws-java-sdk-s3-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4116) ~[aws-java-sdk-s3-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:1237) ~[aws-java-sdk-s3-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:1213) ~[aws-java-sdk-s3-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.doesObjectExist(AmazonS3Client.java:1272) ~[aws-java-sdk-s3-1.11.128.jar:?]

Another weird thing is that all these problems started when I moved my Java program an EC2 remote machine. If I execute it on my local machine, the S3 interaction works fine. However I don't think the problem depends on the IAM roles, since I use the AWSStaticCredentialsProvider.

4 answers

solution1
 2  2017-06-19 13:41:11

Your credentials may be correct, but you will still get FORBIDDEN if you do not set the correct IAM polices. To check for objects in s3 you need the following: 

{
    "Version":"2012-10-17",
    "Statement":[
        {
            "Effect":"Allow",
            "Action":[
            "s3:ListBucket"
            ],
            "Resource":["arn:aws:s3:::examplebucket/*"]
        },
        {
            "Effect":"Allow",
            "Action":[
            "s3:GetObject"
            ],
          "Resource":["arn:aws:s3:::examplebucket/*"]
        }
    ]
}

solution2
 1  2017-09-15 12:10:37

确保在您发出请求的机器上正确设置了日期时间,否则将收到403。

solution3
 1  2019-03-07 06:25:47

您需要对存储桶执行操作“ ListBucket”,而不需要对存储桶中的文件执行操作,例如:{“ Action”:[“ s3:ListBucket”],“ Resource”:“ arn:aws:s3 ::: bucketName”,“效果”:“允许”}

solution4
 0  2017-05-30 08:16:29

I really look like an IAM policy issue. What is your user's policies on your local machine vs what is your IAM role with which policy(ies)? For your EC2 instance, when you create it, create a role with "AmazonS3FullAccess" policy, if it solves the problem you'll remove the useless rights.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS S3 doesObjectExist costs AWS S3 Java Access Denied Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; How to resolve AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: null) using java AWS SQS - SpringBoot - 403 Forbidden Android HttpURLConnection PUT to Amazon AWS S3 403 error 403 forbidden for url in java but not in browser Java SSL error 403 Forbidden com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: XXXXXXXX) 403 Forbidden with Java but not web browser? java HttpClient 403 forbidden problem?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM