我创建了一个s3存储桶。我有一个文件存储桶。我将它作为静态网站托管。以下是我的支持策略。每个人都应该能够查看我的文件内容,只有指定的用户ID应该能够列出存储桶元素。以下是我的存储桶策略。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<!-- account id without hyphen -->:root"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::<!-- bucket name -->"
},
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<!-- bucket name -->/*"
}
]
}
以下是我的java程序,用于检查存储桶内容列表。 问题: 1)它没有列出我的桶中存在的文件(我已经给出了自己的访问密钥和密钥) 2)如何检查我在存储桶策略中给出的特定帐户ID是否有权列出存储桶内容。在哪里提供帐户ID并检入程序?
package Cloud.AWS_CloudTest;
import java.io.IOException;
import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.ListObjectsRequest;
import com.amazonaws.services.s3.model.ObjectListing;
import com.amazonaws.services.s3.model.S3ObjectSummary;
public class App {
private static String bucketName = "bucket name";
public static void main( String[] args ) throws IOException{
AWSCredentials basicCredentials = new BasicAWSCredentials("access key", "secret key");
AmazonS3 s3client = new AmazonS3Client(basicCredentials);
s3client.setRegion(Region.getRegion(Regions.US_WEST_2));
try {
System.out.println("Listing objects");
ListObjectsRequest listObjectsRequest = new ListObjectsRequest()
.withBucketName(bucketName)
.withPrefix("m");
ObjectListing objectListing;
do {
objectListing = s3client.listObjects(listObjectsRequest);
for (S3ObjectSummary objectSummary :
objectListing.getObjectSummaries()) {
System.out.println(" - " + objectSummary.getKey() + " " +
"(size = " + objectSummary.getSize() +
")");
}
listObjectsRequest.setMarker(objectListing.getNextMarker());
} while (objectListing.isTruncated());
} catch (AmazonServiceException ase) {
System.out.println("Caught an AmazonServiceException, " +
"which means your request made it " +
"to Amazon S3, but was rejected with an error response " +
"for some reason.");
System.out.println("Error Message: " + ase.getMessage());
System.out.println("HTTP Status Code: " + ase.getStatusCode());
System.out.println("AWS Error Code: " + ase.getErrorCode());
System.out.println("Error Type: " + ase.getErrorType());
System.out.println("Request ID: " + ase.getRequestId());
} catch (AmazonClientException ace) {
System.out.println("Caught an AmazonClientException, " +
"which means the client encountered " +
"an internal error while trying to communicate" +
" with S3, " +
"such as not being able to access the network.");
System.out.println("Error Message: " + ace.getMessage());
}
}
}
请说明为什么没有列出以及如何检查我在存储桶政策中提供的特定帐户ID的访问权限。
答案 0 :(得分:0)
我找到了解决方案。
1)由于
,它没有列出存储桶中存在的文件.withPrefix("m")
删除此行后,它开始正常工作。
2)实际上它是根据访问密钥和密钥获取帐户ID。 因此,如果在存储桶策略中为帐户ID(对应于程序中给出的访问密钥和密钥)提供访问权限,则它将列出存储桶内容。