我想从提供IAM凭据的环境中将文件上传到Amazon S3。但是我收到此错误:
Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4. (Service: Amazon S3; Status Code: 400; Error Code: InvalidArgument; Request ID: EF93490A8356F585)
IAM角色如下:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::sam-94a493b-dev"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::sam-bbcb194a493b-dev/*"
]
},
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt"
],
"Resource": [
"arn:aws:kms:us-east-1:000351272236:key/9b7a989c-ee8e-4c83-b765-6debe0f94eaa"
]
}
]
}
我使用默认客户端访问Amazon S3客户端,并使用putObject方法使用fileNameWithPath将对象放入存储桶(path / in / s3 / filename.ext)
访问s3的代码如下:
AmazonS3 s3client = AmazonS3ClientBuilder.defaultClient();
s3client.putObject(bucketName, fileNameWithPath, file)
我得到的错误是:
com.amazonaws.services.s3.model.AmazonS3Exception: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4. (Service: Amazon S3; Status Code: 400; Error Code: InvalidArgument; Request ID: EF93490A8356F585)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1587) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1257) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1029) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:741) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:715) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:697) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:665) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:647) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:511) ~[aws-java-sdk-core-1.11.163.jar!/:?]
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4227) ~[aws-java-sdk-s3-1.11.163.jar!/:?]
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4174) ~[aws-java-sdk-s3-1.11.163.jar!/:?]
at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1722) ~[aws-java-sdk-s3-1.11.163.jar!/:?]
at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1577) ~[aws-java-sdk-s3-1.11.163.jar!/:?]
at com.example.services.S3Service.uploadFile(S3Service.java:63) ~[classes!/:?]
我的aws sdk版本为-1.11.163,默认情况下应具有签名版本4。我不确定问题出在哪里
我已经尝试在putObject中设置各种SSEAlgorithm,例如'AES256'和'AWS4-HMAC-SHA256',但是这些没有帮助。 / p>
任何线索都将被应用。
答案 0 :(得分:1)
我按照以下步骤解决了这个问题-
request明确指定PutObjectRequest new ObjectMetadata并将其设置为SSEAlgorithm-“ aws:kms”。 objectMetadata附加到request。request方法发送putObject。这是代码-
PutObjectRequest request = new PutObjectRequest(bucketName, ruleFilePath, file);
ObjectMetadata objectMetadata = new ObjectMetadata();
objectMetadata.setSSEAlgorithm("aws:kms");
request.setMetadata(objectMetadata);
this.s3client.putObject(request);