AWS S3 Java：d​​osObjectExist结果为403：禁止 [英] AWS S3 Java: doesObjectExist results in 403: FORBIDDEN

问题描述

使用AWS开发工具包与S3存储桶进行交互的Java程序遇到麻烦。

I'm having trouble with my Java program using the AWS SDK to interact with an S3 bucket.

这是我用来创建S3客户端的代码：

This is the code I use to create an S3 client:

public S3StorageManager(S3Config config) throws StorageException {

   BasicAWSCredentials credentials = new BasicAWSCredentials(myAccessKey(), mySecretKey());
   AWSStaticCredentialsProvider provider = new AWSStaticCredentialsProvider(credentials);

   this.s3Client = AmazonS3ClientBuilder
        .standard()
        .withCredentials(provider)
        .withRegion(myRegion)
        .build();

当我尝试下载文件时，在开始下载之前我先检查文件是否存在：

When I try to download a file, before starting the download I check wether the file exists or not with:

s3Client.doesObjectExists(bucketName, objectName);

这就是我得到403：禁止的地方。
奇怪的是，仅当我尝试在同一会话中执行上载之前执行对象存在性检查时，才会引发此问题。
换句话说，在初始化s3Client之后：
-如果我首先尝试检查对象是否存在，则会引发FORBIDDEN问题；
-如果我第一次执行文件上传，则工作正常，之后所有对象是否存在检查也正常；

This is where I get 403: FORBIDDEN. The weird thing is this problem is raised only when I try to perform an object existence check before performing uploads in the same session. In other words, after initializing the s3Client: - if I first try to check if an object exists, it raises the FORBIDDEN problem; - if I first perform file upload, it works fine and after that any object existence check works fine as well;

这是我的堆栈跟踪：

com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Reques
t ID: A23BB805491E411F)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1588) ~[aws-java-sdk-core-1.
11.128.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1258) ~[aws-java-sdk-core-1.11
.128.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1030) ~[aws-java-sdk-core-1.11.128
.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742) ~[aws-java-sdk-core-1.11.128.jar:
?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716) ~[aws-java-sdk-core-1.11.1
28.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699) ~[aws-java-sdk-core-1.11.128.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667) ~[aws-java-sdk-core-1.11.128.jar
:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649) ~[aws-java-sdk-core-1.1
1.128.jar:?]
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513) ~[aws-java-sdk-core-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4169) ~[aws-java-sdk-s3-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4116) ~[aws-java-sdk-s3-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:1237) ~[aws-java-sdk-s3-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:1213) ~[aws-java-sdk-s3-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.doesObjectExist(AmazonS3Client.java:1272) ~[aws-java-sdk-s3-1.11.128.jar:?]

另一个奇怪的事情是，当我将Java程序移至EC2远程计算机时，所有这些问题都开始了。
如果我在本地计算机上执行它，则S3交互可以正常工作。
但是，我不认为问题取决于IAM角色，因为我使用AWSStaticCredentialsProvider。

Another weird thing is that all these problems started when I moved my Java program an EC2 remote machine. If I execute it on my local machine, the S3 interaction works fine. However I don't think the problem depends on the IAM roles, since I use the AWSStaticCredentialsProvider.

推荐答案

您的凭据可能是正确的，但是如果您没有设置正确的IAM策略，您仍然会被禁止。要在s3中检查对象，您需要执行以下操作：

Your credentials may be correct, but you will still get FORBIDDEN if you do not set the correct IAM polices. To check for objects in s3 you need the following:

{
    "Version":"2012-10-17",
    "Statement":[
        {
            "Effect":"Allow",
            "Action":[
            "s3:ListBucket"
            ],
            "Resource":["arn:aws:s3:::examplebucket/*"]
        },
        {
            "Effect":"Allow",
            "Action":[
            "s3:GetObject"
            ],
          "Resource":["arn:aws:s3:::examplebucket/*"]
        }
    ]
}

这篇关于AWS S3 Java：d​​osObjectExist结果为403：禁止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！