S3用户可以从存储桶上传和删除文件但无法下载

时间:2018-02-03 13:02:30

标签: java amazon-web-services spring-mvc amazon-s3 s3-bucket

我创建了一个AWS IAM用户并使用S3 Bucket策略授予该用户特定存储桶及其相关对象的所有权限,如下所示(其中使用Xs应该有一些特定的标识符)。此用户可以通过编程方式(AWS JAVA SDK)添加(上传)和删除此存储桶中的文件,但我很困惑为什么他无法下载任何文件。我知道这个问题在某种程度上已被问到here,但似乎存在的问题是因为他没有指定桶级访问,在我的情况下我已经完成了。 belew是S3 Bucket政策。

{
"Version": "2012-10-17",
"Id": "PolicyXXXXXXXXXXXXX",
"Statement": [
    {
        "Sid": "StmtXXXXXXXXXXXXX",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::XXXXXXXXXXXX:user/username"
        },
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::bucketName"
    },
    {
        "Sid": "StmtXXXXXXXXXXXXX",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::XXXXXXXXXXXX:user/username"
        },
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::bucketName/*"
    }
]

}

以下是下载源代码

public  void downloadS3(String bucketName, String accessKey, String secretKey, String urlString) 
        throws AmazonServiceException, AmazonClientException, IOException { 
    BasicAWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
    System.out.println("bucket Name:"+bucketName);
    AmazonS3 s3 = AmazonS3ClientBuilder.standard()              
            .withCredentials(new AWSStaticCredentialsProvider(creds))
            .withRegion(Regions.US_EAST_2).build() ;


    //The urlString is the s3 object url saved in database

      URL url = new URL(urlString);

      String key=(FilenameUtils.getName(url.getPath())); // -> file.extension

        System.out.println("Downloading an object file with name:"+key);




      //This returns an ObjectMetadata file which we don't need to use it in this case 
        //ObjectMetadata object = 
        s3.getObject(new GetObjectRequest(bucketName, key), new File(key));

        /*end downloading logic*/



        System.out.println("File "+key+" Downloaded succesifully  ");           


} 





public void downloadFile(String urlString) {


    ExecutorService service = Executors.newFixedThreadPool(4);
    service.submit(new Runnable() {
        public void run() {
    try { 
        this.downloadS3("bucket",accessKey,secretKey,urlString); 
    } catch (AmazonServiceException ase) { 
        System.err 
                .println("Caught an AmazonServiceException, which means your request made it " 
                        + "to Amazon S3, but was rejected with an error response for some reason."); 
        System.err.println("Error Message:    " + ase.getMessage()); 
        System.err.println("HTTP Status Code: " + ase.getStatusCode()); 
        System.err.println("AWS Error Code:   " + ase.getErrorCode()); 
        System.err.println("Error Type:       " + ase.getErrorType()); 
        System.err.println("Request ID:       " + ase.getRequestId()); 
    } catch (AmazonClientException ace) { 
        System.err 
                .println("Caught an AmazonClientException, which means the client encountered " 
                        + "a serious internal problem while trying to communicate with S3, " 
                        + "such as not being able to access the network."); 
        System.err.println("Error Message: " + ace.getMessage()); 
    } catch (IOException e) {

        e.printStackTrace();
    } 

        }
    });

}

以下是我得到的例外

Caught an AmazonClientException, which means the client encountered a serious internal problem while trying to communicate with S3, such as not being able to access the network.Error Message: java.io.FileNotFoundException: fileName.mp3 (Permission denied)

记住文件实际存在(相同的密钥)。

我还为用户定义了IAM策略(内联策略)(如下所示),但同样的问题仍然存在。在此先感谢您的帮助。

{
"Version": "2012-10-17",
"Statement": [

    {
        "Effect": "Allow",
        "Action": [
            "s3:*"
        ],
        "Resource": [
            "arn:aws:s3:::*"
        ]
    }
]

}

0 个答案:

没有答案