AWS S3 upload without access and secret key in Java

Anonymous (unverified), submitted on 2019-12-03 09:06:55

Question:

I want to upload a file to S3 without using my access and secret key from the AWS server. AWS keys should be taken as default. However, running the command below on the server, I can access it without providing any access and secret keys.

aws s3 cp somefile.txt s3://somebucket/

From Java code it's not accessible, since it was unable to load credentials. Below is my code.

AmazonS3 s3client = new AmazonS3Client(new DefaultAWSCredentialsProviderChain()); 

Answer 1:

You can use the Java code below to get the s3client instance when you are trying to connect to an S3 bucket from an EC2 instance.

AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
        .withCredentials(new InstanceProfileCredentialsProvider(false))
        .build();

This is the recommended way, as the application doesn't need to maintain the access keys in property files.

  • IAM role should be created and S3 access should be provided for that role. See the sample policy below.
  • The IAM role should be assigned to the EC2 instance

Sample policy for IAM role:

{
    "Action": [
        "s3:PutObject",
        "s3:ListBucket",
        "s3:GetObject",
        "s3:DeleteObject"
    ],
    "Resource": [
        "arn:aws:s3:::yourBucketName",
        "arn:aws:s3:::yourBucketName/*"
    ],
    "Effect": "Allow",
    "Sid": "AllowBucketLinux"
}


Answer 2:

As per the documentation, the AWS credentials provider chain looks for credentials in this order:

  1. Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
  2. Java System Properties - aws.accessKeyId and aws.secretKey
  3. Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
  4. Credentials delivered through the Amazon EC2 container service if the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and the security manager has permission to access the variable
  5. Instance profile credentials delivered through the Amazon EC2 metadata service

Check that you have specified valid credentials in any of the above.
Ref: http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html
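
To see which step of the chain listed in answer 2 actually supplies credentials on a given host, the following added example (not part of the original answers) probes each AWS SDK for Java v1 provider in that order and prints only a masked key id. It assumes aws-java-sdk-core is on the classpath; the class name CredentialChainProbe and the mask helper are hypothetical.

```java
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper;
import com.amazonaws.auth.EnvironmentVariableCredentialsProvider;
import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import java.util.LinkedHashMap;
import java.util.Map;

// Added diagnostic (hypothetical class, not from the original answers): probes each
// provider in the order listed in answer 2 and reports which ones resolve.
public class CredentialChainProbe {
    // Show only the last four characters of the access key id; never log the secret.
    static String mask(String keyId) {
        return (keyId == null || keyId.length() < 4) ? "****" : "****" + keyId.substring(keyId.length() - 4);
    }

    public static void main(String[] args) {
        Map<String, AWSCredentialsProvider> chain = new LinkedHashMap<>();
        chain.put("1. environment variables", new EnvironmentVariableCredentialsProvider());
        chain.put("2. Java system properties", new SystemPropertiesCredentialsProvider());
        chain.put("3. profile file (~/.aws/credentials)", new ProfileCredentialsProvider());
        // Step 4 applies only when the container variable named in answer 2 is set.
        if (System.getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI") != null)
            chain.put("4. container credentials", new EC2ContainerCredentialsProviderWrapper());
        chain.put("5. instance profile (EC2 metadata)", InstanceProfileCredentialsProvider.getInstance());

        boolean winnerFound = false;
        for (Map.Entry<String, AWSCredentialsProvider> e : chain.entrySet()) {
            try {
                AWSCredentials c = e.getValue().getCredentials();
                // Session credentials carry a token and expire; static keys do not.
                String kind = (c instanceof AWSSessionCredentials) ? "temporary" : "long-lived";
                String status = winnerFound ? "shadowed" : "USED by the default chain";
                System.out.printf("%-40s OK   %s key %s (%s)%n",
                        e.getKey(), kind, mask(c.getAWSAccessKeyId()), status);
                winnerFound = true;
            } catch (RuntimeException ex) {
                // Each provider throws when its source is absent or unreadable.
                System.out.printf("%-40s none (%s)%n", e.getKey(), ex.getClass().getSimpleName());
            }
        }
        if (!winnerFound) System.out.println("No provider resolved: the default chain would fail too.");
    }
}
```

A long-lived key reported at steps 1 to 3 takes precedence over the instance role at step 5, so it is worth removing once the IAM role from answer 1 is attached. Off EC2, the step 5 probe can take a few seconds to time out.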


