I am trying to access my s3 bucket using a application deployed on my tomcat running on ec2. Show
I could see lots of posts related to this, but look like most of them complaint about not having proper access. I have proper access to all buckets, I am able to upload the file from another application using different application like jenkins s3 plugin without any issues. I am clueless why this should happen only for a java web application deployed on tomcat. I have confirmed below things.
As per my understanding if I do not specify any credentials while creating the S3 bucket client(AmazonS3Client ),it will take the IAM role authentication as default. This is a sample function which I wrote to test the permission. public boolean checkWritePermission(String bucketName) { AmazonS3Client amazonS3Client=new AmazonS3Client(); LOG.info("Checking bucket write permission....."); boolean hasWritePermissions = false; final ObjectMetadata metadata = new ObjectMetadata(); metadata.setContentLength(0); // Create empty content final InputStream emptyContent = new ByteArrayInputStream(new byte[0]); // Create a PutObjectRequest with test object final PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, "TestDummy.txt", emptyContent, metadata); try { if (amazonS3Client.putObject(putObjectRequest) != null) { LOG.info("Permissions validated!"); // User has write permissions, TestPassed. hasWritePermissions = true; } } catch (AmazonClientException s3Ex) { LOG.warn("Write permissions not available!", s3Ex.getMessage()); LOG.error("Write permissions not available!", s3Ex); } return hasWritePermissions; }
I am trying to access a bucket and all its object using AWS SDK but while running the code i am getting an error as Exception in thread "main" com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: X), S3 Extended Request ID: Y= Kindly suggest, where i am lacking and why access denied error is occurring although i have taken all following permission to the bucket: s3:GetObject s3:GetObjectVersion s3:GetObjectAcl s3:GetBucketAcl s3:GetBucketCORS s3:GetBucketLocation s3:GetBucketLogging s3:ListBucket s3:ListBucketVersions s3:ListBucketMultipartUploads s3:GetObjectTorrent s3:GetObjectVersionAclCode is as follows: AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey); ClientConfiguration clientConfig = new ClientConfiguration(); clientConfig.setProtocol(Protocol.HTTP); AmazonS3 conn = new AmazonS3Client(credentials, clientConfig); conn.setEndpoint(bucketName); Bucket bucket = conn.createBucket(bucketName); ObjectListing objects = conn.listObjects(bucket.getName()); do { for (S3ObjectSummary objectSummary : objects.getObjectSummaries()) { System.out.println(objectSummary.getKey() + "\t" + objectSummary.getSize() + "\t" + StringUtils.fromDate(objectSummary.getLastModified())); } objects = conn.listNextBatchOfObjects(objects); } while (objects.isTruncated());
OneCricketeer 157k18 gold badges115 silver badges218 bronze badges asked Jun 10, 2014 at 11:02
Go to IAM and check whether the user [ Access Key & Secret Key ] which is being used for the API has the previliges to use S3 Based API. Attached S3 Policy to the specified User - try with S3 Full Access; you can fine-grain the access once this works. For More Information Check this Link [ Managing IAM Policies ] answered Jun 10, 2014 at 11:12
 Naveen VijayNaveen Vijay 15.4k6 gold badges68 silver badges88 bronze badges 5 The problem is now solved. There were following issue to the code:
Below is the correct code AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey); ClientConfiguration clientConfig = new ClientConfiguration(); clientConfig.setProtocol(Protocol.HTTP); AmazonS3 conn = new AmazonS3Client(credentials, clientConfig); conn.setEndpoint("correct end point"); Bucket bucket = conn.createBucket(bucketName); ObjectListing objects = conn.listObjects(bucket.getName()); do { for (S3ObjectSummary objectSummary : objects.getObjectSummaries()) { System.out.println(objectSummary.getKey() + "\t" + objectSummary.getSize() + "\t" + StringUtils.fromDate(objectSummary.getLastModified())); } objects = conn.listNextBatchOfObjects(objects); } while (objects.isTruncated());
OneCricketeer 157k18 gold badges115 silver badges218 bronze badges answered Jun 12, 2014 at 4:35
gkbstargkbstar 5551 gold badge4 silver badges16 bronze badges 5 I was getting the same exception and this is how I fixed it. The S3 bucket objects were encrypted using service-side KMS. I had to add the app/lambda role as a user to the encryption key. answered Jun 29, 2020 at 13:25
abbasabbas 5,7252 gold badges35 silver badges34 bronze badges 1 In permission tab of bucket, i uncheck:
and the problem gone. answered Dec 1, 2018 at 4:15
phongntphongnt 5115 silver badges13 bronze badges If you still see the error even after setting the right IAM policy and checking the bucket/path, check the apache http client dependency. The apache http client 4.5.5 works fine, while 4.5.7 and above fails for some weird reason (not properly encoding the folder path separators). You will have to explicitly set the apache http client version to 4.5.5 in that case.. or at least some other version that works. answered Mar 4, 2019 at 21:03
// This is save s3 buket image code byte imageBytes[] = request.getThumbnail().readAllBytes(); InputStream inputStream = new ByteArrayInputStream(imageBytes); ObjectMetadata metadata = new ObjectMetadata(); metadata.setContentLength(imageBytes.length); metadata.setContentType("image/png"); String image = String.valueOf(System.currentTimeMillis()); // String image=String.valueOf(System.getProperty(String.valueOf(inputRequest))); // String image=String.valueOf(System.getProperty(String.valueOf(inputRequest))); String key = "image/" + image; s3.putObject(new PutObjectRequest(bucketName, key, inputStream, metadata) .withCannedAcl(CannedAccessControlList.Private));
answered Oct 5, 2021 at 6:23
Please check and add your region answered Apr 1 at 3:54
Not the answer you're looking for? Browse other questions tagged java amazon-web-services amazon-s3 or ask your own question.How do I fix 403 forbidden on AWS S3?Resolution. Check your permissions for s3:PutObject or s3:PutObjectAcl. Follow these steps: ... . Ask for permission to use an AWS KMS key. ... . Check the bucket policy for explicit deny statements. ... . Disable S3 Block Public Access. ... . Grant the root user permission to write objects. ... . Delete service control policies for AWS Organizations.. How do I fix an AWS S3 bucket policy and public permissions access denied error?To resolve these issues:. Check that the IAM user or role has s3:Get:BucketPolicy permission to view the bucket policy and s3:PutBucketPolicy permission to edit it. ... . If you're denied permissions, then use another IAM identity that has bucket access, and edit the bucket policy.. How do I fix 403 forbidden?How to Fix the 403 Forbidden Error. Check for URL errors and make sure you're specifying an actual web page file name and extension, not just a directory. ... . Clear your browser's cache. ... . Log in to the website, assuming it's possible and appropriate to do so.. Why is S3 object URL Access Denied?If you're trying to host a static website using Amazon S3, but you're getting an Access Denied error, check the following requirements: Objects in the bucket must be publicly accessible. S3 bucket policy must allow access to the s3:GetObject action. The AWS account that owns the bucket must also own the object.
|
