AWS S3-com.amazonaws.AmazonServiceException：請求ARN無效

Question

我正在嘗試讓我的Android應用程序從AWS S3下載圖像。 但是，不斷出現以下異常：

com.amazonaws.AmazonServiceException: Request ARN is invalid (Service: AWSSecurityTokenService; Status Code: 400; Error Code: ValidationError; Request ID: 3481bd5f-1db2-11e5-8442-cb6f713243b6)
            at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:710)
            at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:385)
            at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:196)
            at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:875)
            at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRoleWithWebIdentity(AWSSecurityTokenServiceClient.java:496)
            at com.amazonaws.auth.CognitoCredentialsProvider.populateCredentialsWithSts(CognitoCredentialsProvider.java:671)
            at com.amazonaws.auth.CognitoCredentialsProvider.startSession(CognitoCredentialsProvider.java:555)
            at com.amazonaws.auth.CognitoCredentialsProvider.refresh(CognitoCredentialsProvider.java:503)
            at com.application.app.utils.helper.S3Utils.getCredProvider(S3Utils.java:35)
            at com.application.app.utils.helper.S3Utils.getS3Client(S3Utils.java:45)
            at com.application.app.integration.volley.CustomImageRequest.parseNetworkError(CustomImageRequest.java:73)
            at com.android.volley.NetworkDispatcher.parseAndDeliverNetworkError(NetworkDispatcher.java:144)
            at com.android.volley.NetworkDispatcher.run(NetworkDispatcher.java:135)

我有一個水桶和一個身份池。 另外，創建所需的角色。

我的Cognito_APPUnauth_Role具有以下INLINE政策：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1435504517000",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::mybucket/*"
            ]
        }
    ]
}

我有一個名為S3Utils的Java類，它具有一些幫助程序方法。

public class S3Utils {
    private static AmazonS3Client sS3Client;

    private static CognitoCachingCredentialsProvider sCredProvider;

    public static CognitoCachingCredentialsProvider getCredProvider(Context context){
        if (sCredProvider == null) {
            sCredProvider = new CognitoCachingCredentialsProvider(
                    context,
                    Definitions.AWS_ACCOUNT_ID,
                    Definitions.COGNITO_POOL_ID,
                    Definitions.COGNITO_ROLE_UNAUTH,
                    null,
                    Regions.US_EAST_1
            );
        }

        sCredProvider.refresh();
        return sCredProvider;
    }

    public static String getPrefix(Context context) {
        return getCredProvider(context).getIdentityId() + "/";
    }

    public static AmazonS3Client getS3Client(Context context) {
        if (sS3Client == null) {
            sS3Client = new AmazonS3Client(getCredProvider(context));
        }
        return sS3Client;
    }

    public static String getFileName(String path) {
        return path.substring(path.lastIndexOf("/") + 1);
    }

    public static boolean doesBucketExist() {
        return sS3Client.doesBucketExist(Definitions.BUCKET_NAME.toLowerCase(Locale.US));
    }

    public static void createBucket() {
        sS3Client.createBucket(Definitions.BUCKET_NAME.toLowerCase(Locale.US));
    }

    public static void deleteBucket() {
        String name = Definitions.BUCKET_NAME.toLowerCase(Locale.US);
        List<S3ObjectSummary> objData = sS3Client.listObjects(name).getObjectSummaries();
        if (objData.size() > 0) {
            DeleteObjectsRequest emptyBucket = new DeleteObjectsRequest(name);
            List<DeleteObjectsRequest.KeyVersion> keyList = new ArrayList<DeleteObjectsRequest.KeyVersion>();
            for (S3ObjectSummary summary : objData) {
                keyList.add(new DeleteObjectsRequest.KeyVersion(summary.getKey()));
            }
            emptyBucket.withKeys(keyList);
            sS3Client.deleteObjects(emptyBucket);
        }
        sS3Client.deleteBucket(name);
    }
}

CustomImageRequest.java中發生異常的方法的一部分：

s3Client = S3Utils.getS3Client(context);
            ObjectListing objects = s3Client.listObjects(new ListObjectsRequest().withBucketName(Definitions.BUCKET_NAME).withPrefix(this.urlToRetrieve));
            List<S3ObjectSummary> objectSummaries = objects.getObjectSummaries();
            //This isn't just an id, it is a full picture name in S3 bucket.
            for (S3ObjectSummary summary : objectSummaries)
            {
                String key = summary.getKey();
                if (!key.equals(this.urlToRetrieve)) continue;
                S3ObjectInputStream content = s3Client.getObject(Definitions.BUCKET_NAME, key).getObjectContent();
                try {
                    this.s3Image = IOUtils.toByteArray(content);

                } catch (IOException e) {
                }

                return new Object();
            }

我做錯了什么，導致每次都拋出此異常。 提前致謝。

Answer 1

我猜您指定的角色ARN中可能存在錯誤。 角色ARN應該看起來像

阿爾恩：AWS：cognito身份：美國東部-1：ACCOUNTNUMBER：identitypool /美東1：UUID

如果拼寫錯誤，或者遺漏了一部分，則可能會出現錯誤。 您可能還需要考慮為用戶提供新的CognitoCachingCredentialsProvider構造函數。

sCredProvider = new CognitoCachingCredentialsProvider(
                context,
                Definitions.COGNITO_POOL_ID,
                Regions.US_EAST_1
        );

但是，請注意，您必須確保已在Cognito控制台中指定了角色ARN，但這將有助於防止將來出現此問題。

為清楚起見，進行了格式設置和編輯，並添加了如果使用新的構造函數，則需要在控制台中修改ARN。

AWS S3-com.amazonaws.AmazonServiceException：請求ARN無效

問題描述

1 個解決方案

解決方案1
0 2015-06-29 17:19:01

AWS S3-com.amazonaws.AmazonServiceException：請求ARN無效

問題描述

1 個解決方案

解決方案1 0 2015-06-29 17:19:01

解決方案1
0 2015-06-29 17:19:01