我无法将Maven工件部署到S3。
即使我对存储桶具有写访问权限,我也会收到AccessDenied异常。
运行mvn deploy -DskipTests
时,出现以下错误:
Caused by: com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 5CFBE8472B760710; S3 Extended Request ID: cxvn4bs9sg2hNEZRbno2dxocwSj8i6jCSNSQtsZL2H7h2y/cY2koFhExrGv3mACLK+kfcxHfKkg=), S3 Extended Request ID: cxvn4bs9sg2hNEZRbno2dxocwSj8i6jCSNSQtsZL2H7h2y/cY2koFhExrGv3mACLK+kfcxHfKkg=
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1630)
旅行车插件触发的S3请求:
>> PUT /release/ HTTP/1.1
>> Host: inuka-mvn-repo.s3.eu-west-1.amazonaws.com
>> x-amz-content-sha256: UNSIGNED-PAYLOAD
>> Authorization: AWS4-HMAC-SHA256 Credential=AKIAUMQWI47EFQZPBQW3/20191018/eu-west-1/s3/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-retry;content-length;content-type;host;user-agent;x-amz-acl;x-amz-content-sha256;x-amz-date, Signature=b20a1e2fb100eae4b70d7c0922fde9164bc7326d02074627e54d860359d8b298
>> X-Amz-Date: 20191018T145734Z
>> x-amz-acl: public-read
>> User-Agent: aws-sdk-java/1.11.276 Mac_OS_X/10.13.6 Java_HotSpot(TM)_64-Bit_Server_VM/25.60-b23 java/1.8.0_60
>> amz-sdk-invocation-id: 47ea0bcd-c021-6d48-2547-f9a276c055cd
>> amz-sdk-retry: 0/0/500
>> Content-Type: application/octet-stream
>> Content-Length: 0
>> Connection: Keep-Alive
>> "PUT /release/ HTTP/1.1"
>> "Host: inuka-mvn-repo.s3.eu-west-1.amazonaws.com"
>> "x-amz-content-sha256: UNSIGNED-PAYLOAD"
>> "Authorization: AWS4-HMAC-SHA256 Credential=AKIAUMQWI47EFQZPBQW3/20191018/eu-west-1/s3/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-retry;content-length;content-type;host;user-agent;x-amz-acl;x-amz-content-sha256;x-amz-date, Signature=b20a1e2fb100eae4b70d7c0922fde9164bc7326d02074627e54d860359d8b298"
>> "X-Amz-Date: 20191018T145734Z"
>> "x-amz-acl: public-read"
>> "User-Agent: aws-sdk-java/1.11.276 Mac_OS_X/10.13.6 Java_HotSpot(TM)_64-Bit_Server_VM/25.60-b23 java/1.8.0_60"
>> "amz-sdk-invocation-id: 47ea0bcd-c021-6d48-2547-f9a276c055cd"
>> "amz-sdk-retry: 0/0/500"
>> "Content-Type: application/octet-stream"
>> "Content-Length: 0"
>> "Connection: Keep-Alive"
>> ""
S3响应
<< "HTTP/1.1 403 Forbidden"
<< "x-amz-request-id: 83C798E7B7B523ED"
<< "x-amz-id-2: 6QylxeiERpjXVuThC0VXYqCGSL9+pWqw5Kdi/1PpI+ly1eBMxYY+byB59T7yGLf2D5vPOLTLAPA="
<< "Content-Type: application/xml"
<< "Transfer-Encoding: chunked"
<< "Date: Fri, 18 Oct 2019 14:57:33 GMT"
<< "Server: AmazonS3"
<< ""
<< HTTP/1.1 403 Forbidden
<< x-amz-request-id: 83C798E7B7B523ED
<< x-amz-id-2: 6QylxeiERpjXVuThC0VXYqCGSL9+pWqw5Kdi/1PpI+ly1eBMxYY+byB59T7yGLf2D5vPOLTLAPA=
<< Content-Type: application/xml
<< Transfer-Encoding: chunked
<< Date: Fri, 18 Oct 2019 14:57:33 GMT
<< Server: AmazonS3
e kept alive for 60000 MILLISECONDS
<< "f3"
<< "<?xml version="1.0" encoding="UTF-8"?>[\n]"
<< "<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>83C798E7B7B523ED</RequestId><HostId>6QylxeiERpjXVuThC0VXYqCGSL9+pWqw5Kdi/1PpI+ly1eBMxYY+byB59T7yGLf2D5vPOLTLAPA=</HostId></Error>"
<< "0"
<< ""
我使用com.github.platform-team:aws-maven
上传到S3
<build>
...
<extensions>
<extension>
<groupId>com.github.platform-team</groupId>
<artifactId>aws-maven</artifactId>
<version>6.0.0</version>
</extension>
</extensions>
</build>
这是我的Maven回购配置
<distributionManagement>
<repository>
<id>repo.inuka</id>
<url>s3://*****-mvn-repo/release</url>
</repository>
</distributionManagement>
我可以从命令行对s3进行写访问:
halils-mbp:inuka-be halil$ aws s3 cp pom.xml s3://inuka-mvn-repo
upload: ./pom.xml to s3://inuka-mvn-repo/pom.xml
有人可以帮我吗,为什么maven wagon插件com.github.platform-team:aws-maven
无法上传到S3?
答案 0 :(得分:6)
大多数Maven S3旅行车,包括问题中提到的旅行车,似乎都不支持对具有私有权限的存储桶进行写操作。结果是,即使您的IAM策略很好并且您的身份验证详细信息也很好,当涉及到PUT
呼叫时,您也会得到403。
我发现唯一可以对私有存储桶开箱即用的是Allogy wagon:
<build>
...
<extensions>
<extension>
<groupId>com.allogy.maven.wagon</groupId>
<artifactId>maven-s3-wagon</artifactId>
<version>1.2.0</version>
</extension>
</extensions>
...
</build>
答案 1 :(得分:0)
我猜您错过了配置S3策略的机会,或者m2设置的服务器ID与pom distributionManagement不匹配,同时拥有snapshotRepository
和repository
示例:
<distributionManagement>
<snapshotRepository>
<id>YOUR_BUCKET_NAME-snapshot</id>
<url>s3://YOUR_BUCKET_NAME/snapshot</url>
</snapshotRepository>
<repository>
<id>YOUR_BUCKET_NAME-release</id>
<url>s3://YOUR_BUCKET_NAME/release</url>
</repository>
</distributionManagement>
我发现这个Maven扩展用完了。它建立在Apache旅行车的顶部,链接: https://github.com/ehsaniara/maven-repository-aws-s3
您可以从:https://github.com/ehsaniara/maven-repository-aws-s3#configure-by-aws-console
开始Setp1:您创建具有以下权限的s3策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:CreateBucket",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
}
]
}
然后创建一个IAM用户并附加该策略。
在您的.m2/setting
上同时添加snapshot
和release
服务器ID
<settings>
<servers>
...
...
<server>
<id>YOUR_BUCKET_NAME-snapshot</id>
<username>AWS_ACCESS_KEY_ID</username>
<password>AWS_SECRET_ACCESS_KEY</password>
<configuration>
<region>AWS_REGION</region>
<publicRepository>false</publicRepository>
</configuration>
</server>
<server>
<id>YOUR_BUCKET_NAME-release</id>
<username>AWS_ACCESS_KEY_ID</username>
<password>AWS_SECRET_ACCESS_KEY</password>
<configuration>
<region>AWS_REGION</region>
<publicRepository>false</publicRepository>
</configuration>
</server>
....
....
</servers>
</settings>
然后将以下扩展名添加到pom
<extensions>
<extension>
<groupId>com.github.ehsaniara</groupId>
<artifactId>maven-repository-aws-s3</artifactId>
<version>1.2.10</version>
</extension>
</extensions>