java - Connecting to AWS S3 with a role ARN from Java
Problem description
I have working Python code that connects successfully and fetches files from S3:
import boto3  # 1.7.4
import sys

AWS_ACCESS_KEY_ID = '....'
AWS_SECRET_ACCESS_KEY = '...'
ROLE_NAME = '...'
EXTERNAL_ID = '...'
S3_BUCKET = 'my_bucket'
ROLE_SESSION_NAME = 'data-platform1'
BASE_ROLE_ARN = 'arn:aws:iam::794878508111:role/'
ROLE_ARN = BASE_ROLE_ARN + ROLE_NAME
DURATION_SECONDS = 3600

# STS client authenticated as the long-lived IAM user
client = boto3.client(
    'sts',
    aws_access_key_id=AWS_ACCESS_KEY_ID,
    aws_secret_access_key=AWS_SECRET_ACCESS_KEY
)
# AssumeRole with the external ID; returns temporary role credentials
role = client.assume_role(
    RoleArn=ROLE_ARN,
    RoleSessionName=ROLE_SESSION_NAME,
    DurationSeconds=DURATION_SECONDS,
    ExternalId=EXTERNAL_ID
)
# Session built from the temporary credentials (key, secret, session token)
session = boto3.session.Session(
    aws_access_key_id=role['Credentials']['AccessKeyId'],
    aws_secret_access_key=role['Credentials']['SecretAccessKey'],
    aws_session_token=role['Credentials']['SessionToken']
)
S3 = session.resource('s3')
# Bucket() only builds a resource object; no S3 request is sent here
my_bucket = S3.Bucket(S3_BUCKET)
When I use the Java code:
import java.util.List;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.Bucket;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;

// Long-lived IAM user credentials (same values as in the Python script)
AWSCredentials awsCredentials1 = new AWSCredentials() {
    @Override public String getAWSAccessKeyId() {
        return "...";
    }
    @Override public String getAWSSecretKey() {
        return "...";
    }
};
AWSCredentials awsCredentials = new BasicAWSCredentials(
        awsCredentials1.getAWSAccessKeyId(), awsCredentials1.getAWSSecretKey());
// STS client authenticated as the IAM user
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
        .withRegion(Regions.US_EAST_1)
        .withCredentials(new AWSStaticCredentialsProvider(awsCredentials))
        .build();
// AssumeRole with the external ID, as in the Python version
AssumeRoleRequest roleRequest = new AssumeRoleRequest()
        .withRoleArn("arn:aws:iam::794878508111:role/DPA-Havasedge")
        .withRoleSessionName("...")
        .withDurationSeconds(3600)
        .withExternalId("...");
AssumeRoleResult roleResponse = stsClient.assumeRole(roleRequest);
// Temporary credentials (key, secret, session token) returned for the role
BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
        roleResponse.getCredentials().getAccessKeyId(),
        roleResponse.getCredentials().getSecretAccessKey(),
        roleResponse.getCredentials().getSessionToken());
AmazonS3Client s3Client = (AmazonS3Client) AmazonS3ClientBuilder.standard()
        .withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials))
        .withRegion(Regions.US_EAST_1)
        .build();
// listBuckets() is an account-level call (s3:ListAllMyBuckets); the Python
// script never makes it, it only builds a resource for one named bucket
List<Bucket> buckets = s3Client.listBuckets();
It fails with the error:
com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 86CF26DA1AE92E98; S3 Extended Request ID: BqA2Pj9vgjrqanBKFY4XMtGgL7NwUCaiF+sC2jJvvRBlrmsdnFbI9XUDIY/NG3rke21xrCdvMYI=), S3 Extended Request ID: BqA2Pj9vgjrqanBKFY4XMtGgL7NwUCaiF+sC2jJvvRBlrmsdnFbI9XUDIY/NG3rke21xrCdvMYI=
I use the same connection parameters as in Python:
(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ROLE_NAME, EXTERNAL_ID, S3_BUCKET, ROLE_SESSION_NAME, BASE_ROLE_ARN)
Please help me find what is wrong with my Java code.
Thanks
Solution
The exception I received:
com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 0100BB5ADF1A6E06; S3 Extended Request ID: S5KsCFckCOeyx6VGqPnrda56C+IMPttpeqfMLQ/dbAfYQlvKUJ+xhEt9ux1QgVzbHasXNA2yybI=), S3 Extended Request ID: S5KsCFckCOeyx6VGqPnrda56C+IMPttpeqfMLQ/dbAfYQlvKUJ+xhEt9ux1QgVzbHasXNA2yybI=
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1630)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1302)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1056)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4330)
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4277)
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4271)
    at com.amazonaws.services.s3.AmazonS3Client.listBuckets(AmazonS3Client.java:930)
    at com.amazonaws.services.s3.AmazonS3Client.listBuckets(AmazonS3Client.java:936)
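A diagnostic version of the Java client, added here as an example and not code from the question or the reply above: it assumes placeholder credentials, the account/role ARN prefix and bucket name from the Python script, and a hypothetical class name AssumeRoleS3Check. It first prints which principal the temporary credentials belong to, then lists keys inside the one bucket (the scope the Python script works in), whereas the listBuckets() call at the bottom of the stack trace needs account-wide s3:ListAllMyBuckets on the assumed role.

```java
import com.amazonaws.auth.*;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.*;
import com.amazonaws.services.s3.model.*;
import com.amazonaws.services.securitytoken.*;
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest;
public class AssumeRoleS3Check {
    // Placeholders: use the same values as the Python script.
    static final String ACCESS_KEY = "AKIA_PLACEHOLDER", SECRET_KEY = "SECRET_PLACEHOLDER";
    static final String ROLE_ARN = "arn:aws:iam::794878508111:role/ROLE_NAME_PLACEHOLDER";
    static final String EXTERNAL_ID = "EXTERNAL_ID_PLACEHOLDER", BUCKET = "my_bucket";
    public static void main(String[] args) {
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withRegion(Regions.US_EAST_1)
                .withCredentials(new AWSStaticCredentialsProvider(
                        new BasicAWSCredentials(ACCESS_KEY, SECRET_KEY)))
                .build();

        // AssumeRole with the ExternalId; the provider also refreshes the temporary
        // credentials before they expire instead of copying them once.
        AWSCredentialsProvider roleCreds =
                new STSAssumeRoleSessionCredentialsProvider.Builder(ROLE_ARN, "data-platform1")
                        .withStsClient(sts)
                        .withExternalId(EXTERNAL_ID)
                        .withRoleSessionDurationSeconds(3600)
                        .build();

        // Check 1: confirm later calls run as the assumed role, not the IAM user.
        String caller = AWSSecurityTokenServiceClientBuilder.standard()
                .withRegion(Regions.US_EAST_1).withCredentials(roleCreds).build()
                .getCallerIdentity(new GetCallerIdentityRequest()).getArn();
        System.out.println("Calling S3 as: " + caller);   // expect .../assumed-role/<role>/...

        // Check 2: list inside the one bucket (s3:ListBucket on that bucket), as the
        // Python script does; listBuckets() needs account-wide s3:ListAllMyBuckets.
        AmazonS3 s3 = AmazonS3ClientBuilder.standard()
                .withRegion(Regions.US_EAST_1).withCredentials(roleCreds).build();
        try {
            ListObjectsV2Result page = s3.listObjectsV2(
                    new ListObjectsV2Request().withBucketName(BUCKET).withMaxKeys(10));
            for (S3ObjectSummary o : page.getObjectSummaries()) {
                System.out.println(o.getKey());
            }
        } catch (AmazonS3Exception e) {
            // 403 here means the role policy (or the bucket policy) lacks s3:ListBucket.
            System.err.println("S3 " + e.getStatusCode() + " " + e.getErrorCode());
        }
    }
}
```

If check 1 prints the IAM user's ARN instead of an assumed-role ARN, the role credentials were never used; if it prints the role but check 2 still returns 403, the gap is in the role's or bucket's policy rather than in the Java client.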