java测试S3列出具有特定帐户id的bucket
我已经创建了一个s3 bucket。我的桶里有文件。我把它作为静态网站托管。以下是我的布克特政策。每个人都应该能够查看我的文件的内容,并且只有指定的用户id才能列出bucket元素。以下是我的桶政策
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<!-- account id without hyphen -->:root"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::<!-- bucket name -->"
},
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<!-- bucket name -->/*"
}
]
}
下面是我检查bucket内容列表的java程序。 问题: 1) 它没有列出存储桶中的文件(我已经给出了自己的访问密钥和密钥) 2) 如何检查我在bucket策略中提供的特定帐户id是否有权列出bucket内容。在哪里提供帐户id和登记程序
package Cloud.AWS_CloudTest;
import java.io.IOException;
import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.ListObjectsRequest;
import com.amazonaws.services.s3.model.ObjectListing;
import com.amazonaws.services.s3.model.S3ObjectSummary;
public class App {
private static String bucketName = "bucket name";
public static void main( String[] args ) throws IOException{
AWSCredentials basicCredentials = new BasicAWSCredentials("access key", "secret key");
AmazonS3 s3client = new AmazonS3Client(basicCredentials);
s3client.setRegion(Region.getRegion(Regions.US_WEST_2));
try {
System.out.println("Listing objects");
ListObjectsRequest listObjectsRequest = new ListObjectsRequest()
.withBucketName(bucketName)
.withPrefix("m");
ObjectListing objectListing;
do {
objectListing = s3client.listObjects(listObjectsRequest);
for (S3ObjectSummary objectSummary :
objectListing.getObjectSummaries()) {
System.out.println(" - " + objectSummary.getKey() + " " +
"(size = " + objectSummary.getSize() +
")");
}
listObjectsRequest.setMarker(objectListing.getNextMarker());
} while (objectListing.isTruncated());
} catch (AmazonServiceException ase) {
System.out.println("Caught an AmazonServiceException, " +
"which means your request made it " +
"to Amazon S3, but was rejected with an error response " +
"for some reason.");
System.out.println("Error Message: " + ase.getMessage());
System.out.println("HTTP Status Code: " + ase.getStatusCode());
System.out.println("AWS Error Code: " + ase.getErrorCode());
System.out.println("Error Type: " + ase.getErrorType());
System.out.println("Request ID: " + ase.getRequestId());
} catch (AmazonClientException ace) {
System.out.println("Caught an AmazonClientException, " +
"which means the client encountered " +
"an internal error while trying to communicate" +
" with S3, " +
"such as not being able to access the network.");
System.out.println("Error Message: " + ace.getMessage());
}
}
}
请告诉我为什么它没有列出,以及如何检查我在bucket策略中给出的特定帐户id的访问权限
# 1 楼答案
我找到了解决办法
1)由于
拆下这条线后,它开始正常工作
2)实际上是基于访问密钥和密钥的帐户id。 因此,如果帐户id(对应于程序中给定的访问密钥和密钥)在bucket策略中被授予访问权限,那么它将列出bucket内容