I'm using AWS Credentials* to connect to my AWS S3.
final AmazonS3 s3 = new AmazonS3Client(
new AWSStaticCredentialsProvider(new BasicAWSCredentials("accessKey*",
"secretKey")));
s3.setRegion(Region.US_West.toAWSRegion());
s3.setEndpoint("s3-us-west-1.amazonaws.com");
From my localhost, I'm able to upload image and since I have versioning enabled, I get versionId back for following line.
versionId = s3.putObject(new PutObjectRequest("bucketName", name, convFile)).getVersionId();
PS 3: Above piece of code is wrapped in a try-catch block and the catch block prints this
You failed to upload fileName => fileName.jpeg (Permission denied)
But if I execute the same code from my ElasticBeanStalk, I get versionId=null and the image is not uploaded to S3.
I don't see credentials exception.
- When I searched the accessKey in Users(under IAM), I realized its not assigned to any user.
After reading all docs, I created two users. One under a group which I created, another without a group.
I used accessKey of those users and still I'm not able to uploaded image to S3.
This is how my bucket policy looks like After creating the two users
{
"Version": "2012-10-17",
"Id": "Policy1",
"Statement": [
{
"Sid": "Stmt1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::someNumnber:user/username"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucketName"
}
]
}
Before creating two users (and the following set up was in place when localhost successfully uploads image to S3)
{
"Version": "2012-10-17",
"Id": "Policy15",
"Statement": [
{
"Sid": "Stmt1",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::bcktName",
"arn:aws:s3:::bcktName/*"
]
}
]
}
I'm totally struck on this issue for 4 evenings. Please help me. I don't use boto or any other stuff. Its a straight forward war file uploaded to tomcat, which has to upload images to S3. It works in localhost, but not in S3.
PS: This is how my CORS configuration look
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<MaxAgeSeconds>20000</MaxAgeSeconds>
<ExposeHeader>ETag</ExposeHeader>
<ExposeHeader>x-amz-server-side-encryption</ExposeHeader>
<ExposeHeader>x-amz-request-id</ExposeHeader>
<ExposeHeader>x-amz-id-2</ExposeHeader>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
PS 2:
Should I do anything in Access Control list? As of now, I see the owner account is same as username of my entire AWS. I think The access key and secret key that works from local also related to owner account.