com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: XXXXXXXX) [英] com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: XXXXXXXX)
问题描述
几天前,当我尝试将文件推送到我的 S3Bucket 时,我收到了此异常.Ealier 似乎一切正常,我确信我这边没有代码更改.
From few days back i am receiving this exception when i try to push files to my S3Bucket. Ealier everything seems to work and i am sure there is no code changes from my side.
com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden
(Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden;
Request ID: XXXXXXXXXXXX),
S3 Extended Request ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1077)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:725)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:460)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:295)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3699)
at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:999)
at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:977)
........
我遇到了许多与 com.amazonaws.services.s3.model.AmazonS3Exception 相关的 Q:禁止关注这些问题
I came across many such Q related to com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden following those
- 我已经在我的服务器上安装了 NTP 来解决任何与时间相关的问题.
- 我还在代码中为AmazonS3Client"对象添加了 endPointUrl,我认为这可以解决我的问题.
还有什么我可以尝试解决这个问题
Anything else i can try to solve this issue
我正在使用 aws-java-sdk:1.9.10 将文件推送到 S3 Bucket.
i am using aws-java-sdk:1.9.10 for pushing files to S3 Bucket.
推荐答案
很可能您的实例尚未使用有权访问 S3 的 IAM 实例配置文件角色启动.
Most likely your instance has not been launched with an IAM instance profile role that has access to S3.
对 AWS 服务的所有访问都必须使用访问密钥和秘密进行签名.当您从本地计算机执行此操作时,DefaultCredentialsProviderChain 使用您的 .aws/credentials 文件中定义的访问密钥和秘密.
All access to AWS services must be signed with access key and secret. When you do this from your local machine the DefaultCredentialsProviderChain uses the access key and secret defined in your .aws/credentials file.
当您在 AWS 中启动 EC2 实例时,它还需要签署对服务的请求,例如 s3.但是,它是通过从内部元数据服务检索凭据来实现的.
When you launch an EC2 instance in AWS it also needs to sign the requests to services, like s3. However, it does this by retrieving it's credentials from an internal metadata service.
因此,您要做的是创建一个 IAM 实例配置文件,您的实例在启动时将采用该配置文件.此 IAM 实例配置文件与用户的其他 IAM 配置文件一样,定义了实例有权访问的内容.
So what you do is create an IAM instance profile that your instance will assume when it starts up. This IAM instance profile, like other IAM profiles for user's for example, defines what the instance has access to.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
这篇关于com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: XXXXXXXX)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
