com.amazonaws.services.s3.model.AmazonS3Exception:访问被拒绝 [英] com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied
问题描述
这是我的Java代码:
Here's my Java code:
AmazonS3 conn = new AmazonS3Client();
AmazonS3URI uri = new AmazonS3URI(s3uri);
ObjectListing objects = conn.listObjects(uri.getBucket(), uri.getKey());
一个非常简单的任务,我尝试使用AmazonS3 Java客户端访问S3,但此行conn.listObjects一直失败,并给了我以下异常:
A very simple task, I try to use AmazonS3 Java client to access S3, but this line conn.listObjects keeps failing and gave me the following exception:
Exception in thread "main" com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: XXXXXXXX), S3 Extended Request ID: xxxxxxxxx
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1389)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:902)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:607)
at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:376)
at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:338)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:287)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3826)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3778)
at com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:610)
at com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:588)
-
一个非常明显的错误代码:403,它表示我的aws凭证是错误的,但是,这与我的同事用来访问同一s3存储桶的凭证完全相同,以排除我有一个a3凭证的可能性.我在某处打错了字面意思,我从字面上删除了我的上一个,并使用了我同事发送给我的那个,并将其放在〜/.aws/
A very obvious error code: 403 which denotes my aws credentials are wrong, however, this is exactly the same credentials that my coworkers are using to access the same s3 bucket, to rule out the possibility that I have a typo somewhere, I literally deleted my previous one and used the same one that my coworkers sent to me and put them under ~/.aws/
我还研究了其他可能的原因,可能是该S3存储桶未授予我的IAM角色权限,显然也不是我的情况.
I also researched other possible reasons, one could be that this S3 bucket doesn't give the permissions to my IAM role, apparently that is not be my case either.
有什么需要帮助的吗? 可能是罪魁祸首?
Any help please? What could be the culprit?
推荐答案
The AWS SDK for Java has a DefaultAWSCredentialsProviderChain that checks credentials in this order:
- 环境变量-AWS_ACCESS_KEY_ID和AWS_SECRET_ACCESS_KEY(由于除了.NET以外,所有AWS开发工具包和CLI都可以识别它们,因此推荐使用,或者AWS_ACCESS_KEY和AWS_SECRET_KEY(仅Java SDK可以识别)
- Java系统属性-aws.accessKeyId和aws.secretKey 由所有AWS开发工具包和AWS CLI共享的默认位置(
- 凭证配置文件
- 通过 Amazon EC2容器服务传递的凭据(如果设置了
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI环境变量并且安全管理器有权访问该变量) - 通过 Amazon EC2元数据服务 提供的实例配置文件凭证
~/.aws/credentials)上的- Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
- Java System Properties - aws.accessKeyId and aws.secretKey
- Credential profiles file at the default location (
~/.aws/credentials) shared by all AWS SDKs and the AWS CLI - Credentials delivered through the Amazon EC2 container service if
AWS_CONTAINER_CREDENTIALS_RELATIVE_URIenvironment variable is set and security manager has permission to access the variable - Instance profile credentials delivered through the Amazon EC2 metadata service
有可能在查询所需的配置文件之前先设置了凭据.
It is possible that your credentials are being set prior to your desired configuration file being consulted.
一种检查使用哪种凭据的方法是使用aws iam get-user命令显示当前用户.您也可以在Java中使用
One way to check which credentials are being used is to use the aws iam get-user command to show the current user. You could also try that in Java with the GetUser() call.
这篇关于com.amazonaws.services.s3.model.AmazonS3Exception:访问被拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
