
Why am I able to upload to AWS S3 from my localhos

Posted 2019-08-22 01:42

Question:

I'm using AWS Credentials* to connect to my AWS S3.

final AmazonS3 s3 = new AmazonS3Client(
    new AWSStaticCredentialsProvider(
        new BasicAWSCredentials("accessKey*", "secretKey")));
s3.setRegion(Region.US_West.toAWSRegion());
s3.setEndpoint("s3-us-west-1.amazonaws.com");

From my localhost, I'm able to upload an image, and since I have versioning enabled, I get a versionId back for the following line.

versionId = s3.putObject(new PutObjectRequest("bucketName", name, convFile)).getVersionId();

PS 3: The above piece of code is wrapped in a try-catch block, and the catch block prints this:

 You failed to upload fileName => fileName.jpeg (Permission denied)

But if I execute the same code from my Elastic Beanstalk, I get versionId=null and the image is not uploaded to S3.

I don't see a credentials exception.

• When I searched for the accessKey in Users (under IAM), I realized it's not assigned to any user.

After reading all the docs, I created two users: one under a group which I created, another without a group.

I used the accessKey of those users and I'm still not able to upload an image to S3.

This is what my bucket policy looks like after creating the two users:

{
    "Version": "2012-10-17",
    "Id": "Policy1",
    "Statement": [
        {
            "Sid": "Stmt1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::someNumnber:user/username"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::bucketName"
        }
    ]
}

Before creating the two users (the following setup was in place when localhost successfully uploaded images to S3):

{
    "Version": "2012-10-17",
    "Id": "Policy15",
    "Statement": [
        {
            "Sid": "Stmt1",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::bcktName",
                "arn:aws:s3:::bcktName/*"
            ]
        }
    ]
}

I've been totally stuck on this issue for 4 evenings. Please help me. I don't use boto or any other stuff. It's a straightforward war file uploaded to Tomcat, which has to upload images to S3. It works in localhost, but not in S3.

PS: This is what my CORS configuration looks like:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <MaxAgeSeconds>20000</MaxAgeSeconds>
    <ExposeHeader>ETag</ExposeHeader>
    <ExposeHeader>x-amz-server-side-encryption</ExposeHeader>
    <ExposeHeader>x-amz-request-id</ExposeHeader>
    <ExposeHeader>x-amz-id-2</ExposeHeader>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

PS 2:

Should I do anything in the Access Control List? As of now, I see the owner account is the same as the username of my entire AWS. I think the access key and secret key that work from local are also related to the owner account.

Answer 1:

Check your AWSAccessKey and AWSSecretKey in the web config file. The AWS API uses these credentials to log in to your S3.

This same issue appeared to me as well; I solved it by doing this.

Hope that this would help anybody.
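
An added example, not part of the original question or answer: a small Python check run over the two bucket policies quoted in the question. It flags an Allow statement whose object-level actions (such as s3:PutObject) have no object ARN (`bucket/*`) to apply to, and an unconditioned Allow for every principal. The function name and finding codes are hypothetical, and the policy dicts are constructed from the post with its placeholder names kept.

```python
from fnmatch import fnmatchcase

# Actions that S3 evaluates against object ARNs (arn:aws:s3:::bucket/key).
OBJECT_ACTIONS = ("s3:putobject", "s3:getobject", "s3:deleteobject")

# Constructed from the question's policies; names are the post's placeholders.
POLICY_AFTER = {"Version": "2012-10-17", "Statement": [{
    "Sid": "Stmt1", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::someNumnber:user/username"},
    "Action": "s3:*", "Resource": "arn:aws:s3:::bucketName"}]}
POLICY_BEFORE = {"Version": "2012-10-17", "Statement": [{
    "Sid": "Stmt1", "Effect": "Allow", "Principal": "*", "Action": "s3:*",
    "Resource": ["arn:aws:s3:::bcktName", "arn:aws:s3:::bcktName/*"]}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_any_principal(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _reaches_objects(resource):
    # A bucket ARN with no "/" and no wildcard names the bucket only.
    name = resource.split(":::", 1)[-1]
    return "/" in name or "*" in name

def audit_bucket_policy(policy):
    """Return sorted finding codes for the Allow statements of a bucket policy."""
    findings = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        allows_object_action = any(
            fnmatchcase(action, pat) for pat in patterns for action in OBJECT_ACTIONS)
        if allows_object_action and not any(_reaches_objects(r) for r in resources):
            # s3:PutObject requests are never matched by such a statement.
            findings.add("OBJECT_ACTIONS_WITHOUT_OBJECT_ARN")
        if _is_any_principal(stmt.get("Principal")) and "Condition" not in stmt:
            findings.add("ALLOW_FOR_ANY_PRINCIPAL")
    return sorted(findings)

if __name__ == "__main__":
    for label, policy in (("after", POLICY_AFTER), ("before", POLICY_BEFORE)):
        print(label, audit_bucket_policy(policy))
```

A finding here describes what the bucket policy statement itself grants; an IAM identity policy attached to the user is evaluated separately.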