无需访问权限和 Java 密钥的 AWS S3 上传 [英] AWS S3 upload without access and secret key in Java

问题描述

我想在不使用来自 AWS 服务器的访问和密钥的情况下将文件上传到 S3.AWS 密钥应作为默认值.但是在服务器中运行以下命令我可以访问它而无需提供任何访问和密钥.

I want to upload a file to S3 without using my access and secret key from AWS server. AWS keys should be taken as default. However running the below command in server I can access it without providing any access and secret keys.

aws s3 cp somefile.txt s3://somebucket/

aws s3 cp somefile.txt s3://somebucket/

从 java 代码无法访问它，因为它无法加载凭据.下面是我的代码.

From java code its not accessible since it was unable to load credentials. Below is my code.

AmazonS3 s3client = new AmazonS3Client(new DefaultAWSCredentialsProviderChain());

推荐答案

当您尝试从 EC2 实例连接到 S3 存储桶时，您可以使用以下 Java 代码获取 s3client 实例.

You can use the below Java code to get the s3client instance when you are trying to connect to S3 bucket from EC2 instance.

AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
              .withCredentials(new InstanceProfileCredentialsProvider(false))
              .build();

这是推荐的方式，因为应用程序不需要在属性文件中维护访问密钥.

This is the recommended way as the application doesn't require to maintain the access keys in property files.

• 应创建 IAM 角色并为此提供 S3 访问权限角色.请参阅下面的示例政策.
• 应将 IAM 角色分配给 EC2 实例

IAM 角色的示例政策:-

{
        "Action": ["s3:PutObject",
        "s3:ListBucket",
        "s3:GetObject",
        "s3:DeleteObject"],
        "Resource": ["arn:aws:s3:::yourBucketName",
        "arn:aws:s3:::yourBucketName/*"],
        "Effect": "Allow",
        "Sid": "AllowBucketLinux"
    }

这篇关于无需访问权限和 Java 密钥的 AWS S3 上传的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！