[英]How to upload a file to Amazon S3 with the kms role?
我想從提供IAM憑據的環境中將文件上傳到Amazon S3。 但是我收到此錯誤:
Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4. (Service: Amazon S3; Status Code: 400; Error Code: InvalidArgument; Request ID: EF93490A8356F585)
IAM角色如下:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::sam-94a493b-dev"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::sam-bbcb194a493b-dev/*"
]
},
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt"
],
"Resource": [
"arn:aws:kms:us-east-1:000351272236:key/9b7a989c-ee8e-4c83-b765-6debe0f94eaa"
]
}
]
}
我使用默認客戶端訪問Amazon S3客戶端,並使用putObject
方法將一個對象放入具有fileNameWithPath
(path / in / s3 / filename.ext)的存儲桶中,用於訪問s3的代碼如下:
AmazonS3 s3client = AmazonS3ClientBuilder.defaultClient();
s3client.putObject(bucketName, fileNameWithPath, file)
我得到的錯誤是:
com.amazonaws.services.s3.model.AmazonS3Exception: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4. (Service: Amazon S3; Status Code: 400; Error Code: InvalidArgument; Request ID: EF93490A8356F585)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1587) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1257) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1029) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:741) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:715) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:697) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:665) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:647) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:511) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4227) ~[aws-java-sdk-s3-1.11.163.jar!/:?]
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4174) ~[aws-java-sdk-s3-1.11.163.jar!/:?]
at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1722) ~[aws-java-sdk-s3-1.11.163.jar!/:?]
at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1577) ~[aws-java-sdk-s3-1.11.163.jar!/:?]
at com.example.services.S3Service.uploadFile(S3Service.java:63) ~[classes!/:?]
我的aws sdk版本是1.11.163
,默認情況下應該具有簽名版本4。 我不確定問題出在哪里
我已經嘗試在putObject
設置各種SSEAlgorithm,例如“ AES256”和“ AWS4-HMAC-SHA256”,但這些操作沒有幫助。
任何線索將被應用。
我按照以下步驟解決了這個問題-
PutObjectRequest
明確指定request
new ObjectMetadata
並將SSEAlgorithm
設置為它-“ aws:kms”。 objectMetadata
附加到request
。 putObject
方法發送request
。 這是代碼-
PutObjectRequest request = new PutObjectRequest(bucketName, ruleFilePath, file);
ObjectMetadata objectMetadata = new ObjectMetadata();
objectMetadata.setSSEAlgorithm("aws:kms");
request.setMetadata(objectMetadata);
this.s3client.putObject(request);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.