com.amazonaws.services.s3.model.AmazonS3Exception:Forbidden(Service:Amazon S3; Status Code:403; Error Code:403 Forbidden; Request ID:XXXXXXXX) [英] com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: XXXXXXXX)
问题描述
几天后,当我尝试将文件推送到S3Bucket时,我收到此异常。 Ealier一切似乎都有效,我确信我的代码没有任何代码更改。
From few days back i am receiving this exception when i try to push files to my S3Bucket. Ealier everything seems to work and i am sure there is no code changes from my side.
com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden
(Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden;
Request ID: XXXXXXXXXXXX),
S3 Extended Request ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1077)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:725)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:460)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:295)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3699)
at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:999)
at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:977)
....
....
.... ....
我遇到了许多与com.amazonaws.services.s3.model.AmazonS3异常相关的Q:Forbidden关注那些
I came across many such Q related to com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden following those
- 我已经在我的服务器上安装了NTP以解决任何时间问题。
- I还将AmazonS3Client对象的endPointUrl添加到我认为可以解决我的问题的代码中。
我还可以尝试解决的其他问题这个问题
Anything else i can try to solve this issue
我正在使用aws-java-sdk:1.9.10将文件推送到S3 Bucket。
i am using aws-java-sdk:1.9.10 for pushing files to S3 Bucket.
推荐答案
很可能您的实例尚未使用可以访问S3的IAM实例配置文件角色启动。
Most likely your instance has not been launched with an IAM instance profile role that has access to S3.
对AWS的所有访问权限服务必须使用访问密钥和密钥进行签名。当您从本地计算机执行此操作时, DefaultCredentialsProviderChain 使用 .aws / credentials 文件中定义的访问密钥和密码。
All access to AWS services must be signed with access key and secret. When you do this from your local machine the DefaultCredentialsProviderChain uses the access key and secret defined in your .aws/credentials file.
当您在AWS中启动EC2实例时,它还需要对服务请求进行签名,例如s3。但是,它通过从内部元数据服务检索它的凭据来实现这一点。
When you launch an EC2 instance in AWS it also needs to sign the requests to services, like s3. However, it does this by retrieving it's credentials from an internal metadata service.
所以你要做的是创建一个你的实例在启动时会假设的IAM实例配置文件。与用户的其他IAM配置文件一样,此IAM实例配置文件定义了实例可以访问的内容。
So what you do is create an IAM instance profile that your instance will assume when it starts up. This IAM instance profile, like other IAM profiles for user's for example, defines what the instance has access to.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles -for-amazon-ec2.html
这篇关于com.amazonaws.services.s3.model.AmazonS3Exception:Forbidden(Service:Amazon S3; Status Code:403; Error Code:403 Forbidden; Request ID:XXXXXXXX)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
