我在使用AWS開發工具包與S3存儲桶交互的Java程序中遇到問題。AWS S3 Java:doesObjectExist結果403:FORBIDDEN
這是我用它來創建一個S3客戶端的代碼:當我嘗試下載一個文件,開始下載我請檢查是否文件存在與否與之前
public S3StorageManager(S3Config config) throws StorageException {
BasicAWSCredentials credentials = new BasicAWSCredentials(myAccessKey(), mySecretKey());
AWSStaticCredentialsProvider provider = new AWSStaticCredentialsProvider(credentials);
this.s3Client = AmazonS3ClientBuilder
.standard()
.withCredentials(provider)
.withRegion(myRegion)
.build();
:
s3Client.doesObjectExists(bucketName, objectName);
這是我得到403:FORBIDDEN。 奇怪的是,只有當我在同一個會話中執行上傳之前嘗試執行對象存在檢查時纔會引發此問題。 換句話說,初始化s3Client之後: - 如果我首先嚐試檢查一個對象是否存在,它會引發FORBIDDEN問題; - 如果我第一次執行文件上傳,它工作正常,之後,任何對象存在檢查工作正常,以及;
這裏是我的堆棧跟蹤:
com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Reques
t ID: A23BB805491E411F)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1588) ~[aws-java-sdk-core-1.
11.128.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1258) ~[aws-java-sdk-core-1.11
.128.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1030) ~[aws-java-sdk-core-1.11.128
.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742) ~[aws-java-sdk-core-1.11.128.jar:
?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716) ~[aws-java-sdk-core-1.11.1
28.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699) ~[aws-java-sdk-core-1.11.128.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667) ~[aws-java-sdk-core-1.11.128.jar
:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649) ~[aws-java-sdk-core-1.1
1.128.jar:?]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513) ~[aws-java-sdk-core-1.11.128.jar:?]
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4169) ~[aws-java-sdk-s3-1.11.128.jar:?]
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4116) ~[aws-java-sdk-s3-1.11.128.jar:?]
at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:1237) ~[aws-java-sdk-s3-1.11.128.jar:?]
at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:1213) ~[aws-java-sdk-s3-1.11.128.jar:?]
at com.amazonaws.services.s3.AmazonS3Client.doesObjectExist(AmazonS3Client.java:1272) ~[aws-java-sdk-s3-1.11.128.jar:?]
另一個奇怪的是,當我提出我的Java程序中的EC2遠程機器上的所有這些問題開始。 如果我在本地機器上執行它,S3交互工作正常。 但是我不認爲問題依賴於IAM角色,因爲我使用AWSStaticCredentialsProvider。
我敢肯定這是您的「憑證文件」可訪問性(那些myaccesskey()方法)的問題,只是爲了證明,用真實的accesskey和安全密鑰替換它們。 – kosa
我在創建AWSStaticCredentialsProvider後檢查了provider.getCredentials(),並且它返回了正確的憑證... 所以我想這些方法是正確的(除了他們可怕的臨時名稱:P) –
當您更改順序,然後檢查存在,這對EC2工作正常嗎?如果是這樣,我們可以得出結論,這不是一個政策問題。我們可以檢查你的完整代碼和你正在使用的aws-sdk的版本嗎? – kosa