AWS S3 Java:d​​oesObjectExist 结果为 403:禁止 [英] AWS S3 Java: doesObjectExist results in 403: FORBIDDEN

问题描述

我的 Java 程序使用 AWS 开发工具包与 S3 存储桶交互时遇到问题.

I'm having trouble with my Java program using the AWS SDK to interact with an S3 bucket.

这是我用来创建 S3 客户端的代码:

This is the code I use to create an S3 client:

public S3StorageManager(S3Config config) throws StorageException {

   BasicAWSCredentials credentials = new BasicAWSCredentials(myAccessKey(), mySecretKey());
   AWSStaticCredentialsProvider provider = new AWSStaticCredentialsProvider(credentials);

   this.s3Client = AmazonS3ClientBuilder
        .standard()
        .withCredentials(provider)
        .withRegion(myRegion)
        .build();

当我尝试下载文件时，在开始下载之前，我会检查文件是否存在:

When I try to download a file, before starting the download I check wether the file exists or not with:

s3Client.doesObjectExists(bucketName, objectName);

这是我得到 403:禁止的地方.奇怪的是，仅当我在同一会话中执行上传之前尝试执行对象存在检查时才会出现此问题.换句话说，在初始化 s3Client 之后:- 如果我首先尝试检查对象是否存在，则会引发 FORBIDDEN 问题；- 如果我第一次执行文件上传，它工作正常，之后任何对象存在检查也工作正常；

This is where I get 403: FORBIDDEN. The weird thing is this problem is raised only when I try to perform an object existence check before performing uploads in the same session. In other words, after initializing the s3Client: - if I first try to check if an object exists, it raises the FORBIDDEN problem; - if I first perform file upload, it works fine and after that any object existence check works fine as well;

这是我的堆栈跟踪:

com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Reques
t ID: A23BB805491E411F)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1588) ~[aws-java-sdk-core-1.
11.128.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1258) ~[aws-java-sdk-core-1.11
.128.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1030) ~[aws-java-sdk-core-1.11.128
.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742) ~[aws-java-sdk-core-1.11.128.jar:
?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716) ~[aws-java-sdk-core-1.11.1
28.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699) ~[aws-java-sdk-core-1.11.128.jar:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667) ~[aws-java-sdk-core-1.11.128.jar
:?]
        at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649) ~[aws-java-sdk-core-1.1
1.128.jar:?]
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513) ~[aws-java-sdk-core-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4169) ~[aws-java-sdk-s3-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4116) ~[aws-java-sdk-s3-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:1237) ~[aws-java-sdk-s3-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:1213) ~[aws-java-sdk-s3-1.11.128.jar:?]
        at com.amazonaws.services.s3.AmazonS3Client.doesObjectExist(AmazonS3Client.java:1272) ~[aws-java-sdk-s3-1.11.128.jar:?]

另一个奇怪的事情是，当我将 Java 程序移到 EC2 远程机器时，所有这些问题都开始了.如果我在本地机器上执行它，S3 交互工作正常.但是我不认为问题取决于 IAM 角色，因为我使用了 AWSStaticCredentialsProvider.

Another weird thing is that all these problems started when I moved my Java program an EC2 remote machine. If I execute it on my local machine, the S3 interaction works fine. However I don't think the problem depends on the IAM roles, since I use the AWSStaticCredentialsProvider.

推荐答案

您的凭据可能是正确的，但如果您没有设置正确的 IAM 策略，您仍然会收到 FORBIDDEN.要检查 s3 中的对象，您需要以下内容:

Your credentials may be correct, but you will still get FORBIDDEN if you do not set the correct IAM polices. To check for objects in s3 you need the following:

{
    "Version":"2012-10-17",
    "Statement":[
        {
            "Effect":"Allow",
            "Action":[
            "s3:ListBucket"
            ],
            "Resource":["arn:aws:s3:::examplebucket/*"]
        },
        {
            "Effect":"Allow",
            "Action":[
            "s3:GetObject"
            ],
          "Resource":["arn:aws:s3:::examplebucket/*"]
        }
    ]
}

这篇关于AWS S3 Java:d​​oesObjectExist 结果为 403:禁止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！