Amazon 访问被拒绝使用 java SDK 尝试获取 Bucket 对象列表时
Amazon access denied When trying to get the Bucket object list using java SDK
我正在使用 Amazon S3 来 upload/download 视频。我可以上传任何视频,但我无法在存储桶中列出我的视频,因为我遇到了这些错误:
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: Caught an AmazonServiceException, which means your request made it to Amazon S3, but was rejected with an error response for some reason.
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: Error Message: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 4AEF68CB2979FBB9)
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: HTTP Status Code: 403
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: AWS Error Code: AccessDenied
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: Error Type: Client
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: Request ID: 4AEF68CB2979FBB9
我有这样一个简单的结构:
All Buckets/ myvideos/
video1.mp4
video2.mp4
Other.mp4
我有我的政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::myvideos/*"
]
}
]
}
所以我可以上传视频但是我不能列出里面的元素。
这是我用来列出对象的代码。
try {
ListObjectsRequest listObjectsRequest = new ListObjectsRequest()
.withBucketName(MY_BUCKET)
.withPrefix("")
.withDelimiter("/");
ObjectListing objectListing;
do {
objectListing = s3Client.listObjects(listObjectsRequest);
for (S3ObjectSummary objectSummary :
objectListing.getObjectSummaries()) {
Log.i("CCC", " - " + objectSummary.getKey() + " " +
"(size = " + objectSummary.getSize() +
")");
}
listObjectsRequest.setMarker(objectListing.getNextMarker());
} while (objectListing.isTruncated());
} catch (AmazonServiceException ase) {
Log.i("CCC", "Caught an AmazonServiceException, " +
"which means your request made it " +
"to Amazon S3, but was rejected with an error response " +
"for some reason.");
Log.i("CCC", "Error Message: " + ase.getMessage());
Log.i("CCC", "HTTP Status Code: " + ase.getStatusCode());
Log.i("CCC", "AWS Error Code: " + ase.getErrorCode());
Log.i("CCC", "Error Type: " + ase.getErrorType());
Log.i("CCC", "Request ID: " + ase.getRequestId());
} catch (AmazonClientException ace) {
Log.i("CCC", "Caught an AmazonClientException, " +
"which means the client encountered " +
"an internal error while trying to communicate" +
" with S3, " +
"such as not being able to access the network.");
Log.i("CCC", "Error Message: " + ace.getMessage());
}
我不知道我还需要做什么?具有相同访问权限的 S3 怎么可能允许我上传但拒绝列表?
更新 1:代码
我正在使用这个:
CognitoCachingCredentialsProvider credentialsProvider =
new CognitoCachingCredentialsProvider(
context,
IDENTITY_POOL_ID,
MY_REGION
);
AmazonS3 s3Client = new AmazonS3Client(credentialsProvider);
s3Client.setRegion(Region.getRegion(MY_REGION));
所以我尝试了这个:
AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
AmazonS3 s3Client = new AmazonS3Client(credentials);
好的,它有效。但我想允许没有登录用户访问视频。我不想使用我的 accessKey 和 secretKey.
要列出存储桶的内容,请将其添加到策略中
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::myvideos/*"
]
}
Source
您需要为 ListBucket 操作授予对存储桶的访问权限。在您的策略中,您授予对存储桶 myvideos 内文件的访问权限,但不授予存储桶本身的访问权限。试试这个政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::myvideos",
"arn:aws:s3:::myvideos/*"
]
}
]
}
我正在使用 Amazon S3 来 upload/download 视频。我可以上传任何视频,但我无法在存储桶中列出我的视频,因为我遇到了这些错误:
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: Caught an AmazonServiceException, which means your request made it to Amazon S3, but was rejected with an error response for some reason.
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: Error Message: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 4AEF68CB2979FBB9)
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: HTTP Status Code: 403
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: AWS Error Code: AccessDenied
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: Error Type: Client
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: Request ID: 4AEF68CB2979FBB9
我有这样一个简单的结构:
All Buckets/ myvideos/
video1.mp4
video2.mp4
Other.mp4
我有我的政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::myvideos/*"
]
}
]
}
所以我可以上传视频但是我不能列出里面的元素。
这是我用来列出对象的代码。
try {
ListObjectsRequest listObjectsRequest = new ListObjectsRequest()
.withBucketName(MY_BUCKET)
.withPrefix("")
.withDelimiter("/");
ObjectListing objectListing;
do {
objectListing = s3Client.listObjects(listObjectsRequest);
for (S3ObjectSummary objectSummary :
objectListing.getObjectSummaries()) {
Log.i("CCC", " - " + objectSummary.getKey() + " " +
"(size = " + objectSummary.getSize() +
")");
}
listObjectsRequest.setMarker(objectListing.getNextMarker());
} while (objectListing.isTruncated());
} catch (AmazonServiceException ase) {
Log.i("CCC", "Caught an AmazonServiceException, " +
"which means your request made it " +
"to Amazon S3, but was rejected with an error response " +
"for some reason.");
Log.i("CCC", "Error Message: " + ase.getMessage());
Log.i("CCC", "HTTP Status Code: " + ase.getStatusCode());
Log.i("CCC", "AWS Error Code: " + ase.getErrorCode());
Log.i("CCC", "Error Type: " + ase.getErrorType());
Log.i("CCC", "Request ID: " + ase.getRequestId());
} catch (AmazonClientException ace) {
Log.i("CCC", "Caught an AmazonClientException, " +
"which means the client encountered " +
"an internal error while trying to communicate" +
" with S3, " +
"such as not being able to access the network.");
Log.i("CCC", "Error Message: " + ace.getMessage());
}
我不知道我还需要做什么?具有相同访问权限的 S3 怎么可能允许我上传但拒绝列表?
更新 1:代码
我正在使用这个:
CognitoCachingCredentialsProvider credentialsProvider =
new CognitoCachingCredentialsProvider(
context,
IDENTITY_POOL_ID,
MY_REGION
);
AmazonS3 s3Client = new AmazonS3Client(credentialsProvider);
s3Client.setRegion(Region.getRegion(MY_REGION));
所以我尝试了这个:
AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
AmazonS3 s3Client = new AmazonS3Client(credentials);
好的,它有效。但我想允许没有登录用户访问视频。我不想使用我的 accessKey 和 secretKey.
要列出存储桶的内容,请将其添加到策略中
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::myvideos/*"
]
}
Source
您需要为 ListBucket 操作授予对存储桶的访问权限。在您的策略中,您授予对存储桶 myvideos 内文件的访问权限,但不授予存储桶本身的访问权限。试试这个政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::myvideos",
"arn:aws:s3:::myvideos/*"
]
}
]
}