I am trying to access a bucket and all its object using AWS SDK but while running the code i am getting an error as Exception in thread "main" com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: X), S3 Extended Request ID: Y=
Kindly suggest, where i am lacking and why access denied error is occurring although i have taken all following permission to the bucket:
s3:GetObject
s3:GetObjectVersion
s3:GetObjectAcl
s3:GetBucketAcl
s3:GetBucketCORS
s3:GetBucketLocation
s3:GetBucketLogging
s3:ListBucket
s3:ListBucketVersions
s3:ListBucketMultipartUploads
s3:GetObjectTorrent
s3:GetObjectVersionAcl
Code is as follows:
AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
ClientConfiguration clientConfig = new ClientConfiguration();
clientConfig.setProtocol(Protocol.HTTP);
AmazonS3 conn = new AmazonS3Client(credentials, clientConfig);
conn.setEndpoint(bucketName);
Bucket bucket = conn.createBucket(bucketName);
ObjectListing objects = conn.listObjects(bucket.getName());
do {
for (S3ObjectSummary objectSummary : objects.getObjectSummaries()) {
System.out.println(objectSummary.getKey() + "\t" +
objectSummary.getSize() + "\t" +
StringUtils.fromDate(objectSummary.getLastModified()));
}
objects = conn.listNextBatchOfObjects(objects);
} while (objects.isTruncated());
Go to IAM and check whether the user [ Access Key & Secret Key ] which is being used for the API has the previliges to use S3 Based API.
Attached S3 Policy to the specified User - try with S3 Full Access; you can fine-grain the access once this works.
For More Information Check this Link [ Managing IAM Policies ]
The problem is now solved. There were following issue to the code:
- The end point was not correct, There should be a correct end point.
- There was not enough permission given to the bucket. A list of complete permission should be taken before using the bucket in AWS SDK.
Below is the correct code
AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
ClientConfiguration clientConfig = new ClientConfiguration();
clientConfig.setProtocol(Protocol.HTTP);
AmazonS3 conn = new AmazonS3Client(credentials, clientConfig);
conn.setEndpoint("correct end point");
Bucket bucket = conn.createBucket(bucketName);
ObjectListing objects = conn.listObjects(bucket.getName());
do {
for (S3ObjectSummary objectSummary : objects.getObjectSummaries()) {
System.out.println(objectSummary.getKey() + "\t" +
objectSummary.getSize() + "\t" +
StringUtils.fromDate(objectSummary.getLastModified()));
}
objects = conn.listNextBatchOfObjects(objects);
} while (objects.isTruncated());
In permission tab of bucket, i uncheck:
- Manage public access control lists (ACLs) for this bucket
- Block new public ACLs and uploading public objects (Recommended)
and the problem gone.
If you still see the error even after setting the right IAM policy and checking the bucket/path, check the apache http client dependency. The apache http client 4.5.5 works fine, while 4.5.7 and above fails for some weird reason (not properly encoding the folder path separators). You will have to explicitly set the apache http client version to 4.5.5 in that case.. or at least some other version that works.
