Connecting to AWS S3 using an ARN role in Java

Problem description

I have working Python code that successfully connects to S3 and fetches files:

import boto3  # 1.7.4
import sys

AWS_ACCESS_KEY_ID = '....'
AWS_SECRET_ACCESS_KEY = '...'
ROLE_NAME = '...'
EXTERNAL_ID = '...' 
S3_BUCKET = 'my_bucket'

ROLE_SESSION_NAME = 'data-platform1'
BASE_ROLE_ARN = 'arn:aws:iam::794878508111:role/'
ROLE_ARN = BASE_ROLE_ARN + ROLE_NAME
DURATION_SECONDS = 3600
client = boto3.client(
    'sts',
    aws_access_key_id=AWS_ACCESS_KEY_ID,
    aws_secret_access_key=AWS_SECRET_ACCESS_KEY
)

role = client.assume_role(
    RoleArn=ROLE_ARN,
    RoleSessionName=ROLE_SESSION_NAME,
    DurationSeconds=DURATION_SECONDS,
    ExternalId=EXTERNAL_ID
)
session = boto3.session.Session(
    aws_access_key_id=role['Credentials']['AccessKeyId'],
    aws_secret_access_key=role['Credentials']['SecretAccessKey'],
    aws_session_token=role['Credentials']['SessionToken']
)
S3 = session.resource('s3')
my_bucket = S3.Bucket(S3_BUCKET)

When I use this Java code:

import java.util.List;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.Bucket;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;

// Base (long-term) credentials used to call STS
AWSCredentials awsCredentials1 = new AWSCredentials() {
    @Override public String getAWSAccessKeyId() {
        return "...";
    }
    @Override public String getAWSSecretKey() {
        return "...";
    }
};

AWSCredentials awsCredentials = new BasicAWSCredentials(
        awsCredentials1.getAWSAccessKeyId(), awsCredentials1.getAWSSecretKey());
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
        .withRegion(Regions.US_EAST_1)
        .withCredentials(new AWSStaticCredentialsProvider(awsCredentials))
        .build();

// AssumeRole with the same role ARN, session name, duration and external ID as the Python code
AssumeRoleRequest roleRequest = new AssumeRoleRequest()
        .withRoleArn("arn:aws:iam::794878508111:role/DPA-Havasedge")
        .withRoleSessionName("...")
        .withDurationSeconds(3600)
        .withExternalId("...");

AssumeRoleResult roleResponse = stsClient.assumeRole(roleRequest);
// Temporary credentials returned by STS
BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
        roleResponse.getCredentials().getAccessKeyId(),
        roleResponse.getCredentials().getSecretAccessKey(),
        roleResponse.getCredentials().getSessionToken());

AmazonS3Client s3Client = (AmazonS3Client) AmazonS3ClientBuilder.standard()
        .withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials))
        .withRegion(Regions.US_EAST_1)
        .build();

List<Bucket> buckets = s3Client.listBuckets();

it fails with the error:

com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 86CF26DA1AE92E98; S3 Extended Request ID: BqA2Pj9vgjrqanBKFY4XMtGgL7NwUCaiF+sC2jJvvRBlrmsdnFbI9XUDIY/NG3rke21xrCdvMYI=), S3 Extended Request ID: BqA2Pj9vgjrqanBKFY4XMtGgL7NwUCaiF+sC2jJvvRBlrmsdnFbI9XUDIY/NG3rke21xrCdvMYI=

I use the same connection parameters as in Python:

(AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,ROLE_NAME,EXTERNAL_ID,S3_BUCKET,ROLE_SESSION_NAME,BASE_ROLE_ARN,)

Please help me find what is wrong with my Java code.

Thanks

Tags: java, amazon-s3
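An added example (not from the question or the AWS SDK documentation) that keeps the question's AssumeRole parameters but replaces listBuckets() with a call scoped to the one bucket: listBuckets() needs s3:ListAllMyBuckets across the account, while the Python code only ever touches S3_BUCKET, so a role whose policy is limited to that bucket is denied the former and allowed the latter. Assumed: AWS SDK for Java 1.x, the base key pair in AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY, and ROLE_ARN, EXTERNAL_ID and S3_BUCKET read from the environment; the class name and session name are placeholders.

```java
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.AmazonS3Exception;
import com.amazonaws.services.s3.model.S3ObjectSummary;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;

public class AssumeRoleBucketAccess {
    public static void main(String[] args) {
        // Assumed inputs, read from the environment instead of hard-coded in source.
        // The default credential chain picks up AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY.
        String roleArn = System.getenv("ROLE_ARN");
        String externalId = System.getenv("EXTERNAL_ID");
        String bucket = System.getenv("S3_BUCKET");

        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withRegion(Regions.US_EAST_1).build();

        // Same AssumeRole parameters as the question, but the provider re-assumes the
        // role before the 3600 s session expires instead of handing out one static
        // BasicSessionCredentials object.
        STSAssumeRoleSessionCredentialsProvider roleCreds =
                new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, "data-platform1")
                        .withStsClient(sts)
                        .withExternalId(externalId)
                        .withRoleSessionDurationSeconds(3600)
                        .build();

        AmazonS3 s3 = AmazonS3ClientBuilder.standard()
                .withRegion(Regions.US_EAST_1).withCredentials(roleCreds).build();
        try {
            // Touch only the bucket the role is scoped to: this needs s3:ListBucket on
            // that bucket, whereas listBuckets() needs s3:ListAllMyBuckets on "*".
            for (S3ObjectSummary obj : s3.listObjectsV2(bucket).getObjectSummaries()) {
                System.out.println(obj.getKey() + "\t" + obj.getSize());
            }
        } catch (AmazonS3Exception e) {
            // A 403 here is a denial for this action on this bucket; the request ids
            // let the bucket owner match the event in CloudTrail.
            System.err.println("S3 " + e.getErrorCode() + " (HTTP " + e.getStatusCode()
                    + ") on " + bucket + "; request id " + e.getRequestId()
                    + ", extended id " + e.getExtendedRequestId());
        } finally {
            roleCreds.close();  // stops the background refresh thread
        }
    }
}
```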

Solution


The exception I get:

com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 0100BB5ADF1A6E06; S3 Extended Request ID: S5KsCFckCOeyx6VGqPnrda56C+IMPttpeqfMLQ/dbAfYQlvKUJ+xhEt9ux1QgVzbHasXNA2yybI=), S3 Extended Request ID: S5KsCFckCOeyx6VGqPnrda56C+IMPttpeqfMLQ/dbAfYQlvKUJ+xhEt9ux1QgVzbHasXNA2yybI=
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1630)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1302)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1056)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4330)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4277)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4271)
at com.amazonaws.services.s3.AmazonS3Client.listBuckets(AmazonS3Client.java:930)
at com.amazonaws.services.s3.AmazonS3Client.listBuckets(AmazonS3Client.java:936)
