Testing S3 List bucket with particular account id
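I have created an S3 bucket. I have files inside that bucket. I have hosted it as a static website. Everyone should be able to view the content of my files, and only the specified user ID should be able to list the bucket elements. Following is my bucket policy.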
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<!-- account id without hyphen -->:root"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::<!-- bucket name -->"
        },
        {
            "Sid": "AddPerm",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<!-- bucket name -->/*"
        }
    ]
}
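Following is my Java program to check the bucket content listing.
Issues:
1) It is not listing the files present in my bucket (I have given my own access key and secret key).
2) How do I check whether the particular account ID that I have given in the bucket policy has access to list the bucket content? Where do I provide the account ID and check it in the program?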
package Cloud.AWS_CloudTest;

import java.io.IOException;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.ListObjectsRequest;
import com.amazonaws.services.s3.model.ObjectListing;
import com.amazonaws.services.s3.model.S3ObjectSummary;

public class App {
    private static String bucketName = "bucket name";

    public static void main(String[] args) throws IOException {
        // Static credentials: the request is made as whoever owns this key pair.
        AWSCredentials basicCredentials = new BasicAWSCredentials("access key", "secret key");
        AmazonS3 s3client = new AmazonS3Client(basicCredentials);
        s3client.setRegion(Region.getRegion(Regions.US_WEST_2));
        try {
            System.out.println("Listing objects");
            // The prefix restricts the listing to keys that start with "m".
            ListObjectsRequest listObjectsRequest = new ListObjectsRequest()
                    .withBucketName(bucketName)
                    .withPrefix("m");
            ObjectListing objectListing;
            // Page through the results until the listing is no longer truncated.
            do {
                objectListing = s3client.listObjects(listObjectsRequest);
                for (S3ObjectSummary objectSummary :
                        objectListing.getObjectSummaries()) {
                    System.out.println(" - " + objectSummary.getKey() + " " +
                            "(size = " + objectSummary.getSize() +
                            ")");
                }
                listObjectsRequest.setMarker(objectListing.getNextMarker());
            } while (objectListing.isTruncated());
        } catch (AmazonServiceException ase) {
            // S3 received the request and rejected it (for example, access denied).
            System.out.println("Caught an AmazonServiceException, " +
                    "which means your request made it " +
                    "to Amazon S3, but was rejected with an error response " +
                    "for some reason.");
            System.out.println("Error Message: " + ase.getMessage());
            System.out.println("HTTP Status Code: " + ase.getStatusCode());
            System.out.println("AWS Error Code: " + ase.getErrorCode());
            System.out.println("Error Type: " + ase.getErrorType());
            System.out.println("Request ID: " + ase.getRequestId());
        } catch (AmazonClientException ace) {
            // The request never reached S3 (client-side or network failure).
            System.out.println("Caught an AmazonClientException, " +
                    "which means the client encountered " +
                    "an internal error while trying to communicate" +
                    " with S3, " +
                    "such as not being able to access the network.");
            System.out.println("Error Message: " + ace.getMessage());
        }
    }
}
Please explain why it is not listing, and how to check access for the particular account ID that I have given in the bucket policy.
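I found the solution.
1) It was not listing the files present in the bucket because of
.withPrefix("m")
After removing this line it started working fine.
2) It actually takes the account ID based on the access key and secret key.
So if the account ID (corresponding to the access key and secret key given in the program) is granted access in the bucket policy, then it will list the bucket's contents.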
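As an added example (not part of the original question or answer), the sketch below models how the two Allow statements of the bucket policy above apply to different callers. The bucket name, account IDs and user ARNs are constructed placeholders, and the model covers only the bucket policy's Allow statements (no explicit Deny, no IAM identity policies); it uses a record, so it needs Java 16 or later.

```java
import java.util.List;

public class BucketPolicyModel {
    // One Allow statement of the bucket policy (simplified, constructed model).
    record Stmt(String principal, String action, String resource) {}

    // The account ID is the fifth colon-separated field of an ARN.
    static String accountOf(String arn) {
        String[] parts = arn.split(":", 6);
        return parts.length > 4 ? parts[4] : "";
    }

    static boolean principalMatches(String principal, String callerArn) {
        if (principal.equals("*")) return true;   // everyone, signed or anonymous
        if (callerArn == null) return false;      // anonymous request
        if (principal.endsWith(":root"))          // grant to a whole account
            return accountOf(principal).equals(accountOf(callerArn));
        return principal.equals(callerArn);
    }

    // "bucket/*" covers objects only; the bare bucket ARN covers the bucket itself.
    static boolean resourceMatches(String pattern, String resource) {
        return pattern.endsWith("/*")
                ? resource.startsWith(pattern.substring(0, pattern.length() - 1))
                : pattern.equals(resource);
    }

    static boolean allowed(List<Stmt> policy, String callerArn, String action, String resource) {
        return policy.stream().anyMatch(s -> s.action().equals(action)
                && principalMatches(s.principal(), callerArn)
                && resourceMatches(s.resource(), resource));
    }

    public static void main(String[] args) {
        String bucket = "arn:aws:s3:::example-bucket";              // placeholder name
        List<Stmt> policy = List.of(
                new Stmt("arn:aws:iam::111122223333:root", "s3:ListBucket", bucket),
                new Stmt("*", "s3:GetObject", bucket + "/*"));
        String granted = "arn:aws:iam::111122223333:user/alice";    // constructed caller
        String other = "arn:aws:iam::444455556666:user/bob";        // constructed caller
        String object = bucket + "/index.html";
        System.out.println("granted account, ListBucket: " + allowed(policy, granted, "s3:ListBucket", bucket));
        System.out.println("other account, ListBucket:   " + allowed(policy, other, "s3:ListBucket", bucket));
        System.out.println("anonymous, ListBucket:       " + allowed(policy, null, "s3:ListBucket", bucket));
        System.out.println("anonymous, GetObject:        " + allowed(policy, null, "s3:GetObject", object));
    }
}
```

Only the caller from the granted account can list the bucket, while any caller, including an anonymous one, can read an object whose key it already knows.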