Here's my Java code:
AmazonS3 conn = new AmazonS3Client();
AmazonS3URI uri = new AmazonS3URI(s3uri);
ObjectListing objects = conn.listObjects(uri.getBucket(), uri.getKey());
A very simple task, I try to use AmazonS3 Java client to access S3, but this line conn.listObjects
keeps failing and gave me the following exception:
Exception in thread "main" com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: XXXXXXXX), S3 Extended Request ID: xxxxxxxxx
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1389)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:902)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:607)
at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:376)
at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:338)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:287)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3826)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3778)
at com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:610)
at com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:588)
A very obvious error code: 403 which denotes my aws credentials are wrong, however, this is exactly the same credentials that my coworkers are using to access the same s3 bucket, to rule out the possibility that I have a typo somewhere, I literally deleted my previous one and used the same one that my coworkers sent to me and put them under ~/.aws/
I also researched other possible reasons, one could be that this S3 bucket doesn't give the permissions to my IAM role, apparently that is not be my case either.
Any help please? What could be the culprit?
The AWS SDK for Java has a
DefaultAWSCredentialsProviderChain
that checks credentials in this order:~/.aws/credentials
) shared by all AWS SDKs and the AWS CLIAWS_CONTAINER_CREDENTIALS_RELATIVE_URI
environment variable is set and security manager has permission to access the variableIt is possible that your credentials are being set prior to your desired configuration file being consulted.
One way to check which credentials are being used is to use the
aws iam get-user
command to show the current user. You could also try that in Java with theGetUser()
call.