1. 首頁
  2. 問答
  3. 亞馬遜網絡服務S3訪問被拒絕

亞馬遜網絡服務S3訪問被拒絕

2017-03-09 180 views
0

我在從我的應用程序訪問我的aws S3服務器存儲區時遇到問題。我在存儲桶日誌文件中收到請求,但訪問被拒絕。 我有和內聯策略和託管策略允許完全訪問服務器,以及設置允許每個人的服務器權限,但它仍然說拒絕訪問。 也創建了正確池的標識。 在應用程序結束時,我收到一條消息,指出找不到存儲桶。 服務器區域是倫敦。亞馬遜網絡服務S3訪問被拒絕

我已經閱讀了很多關於這個問題的其他問題,但沒有一個解決了我的問題。

謝謝

內嵌未經驗證的IAM政策

{ 
"Version": "2012-10-17", 
"Statement": [ 
    { 
     "Sid": "Stmt1488834891000", 
     "Effect": "Allow", 
     "Action": [ 
      "s3:*" 
     ], 
     "Resource": [ 
      "arn:aws:s3:::ascentserver/*" 
     ] 
    } 
]

}

由於某種原因,這並沒有對政策模擬器的工作,我嘗試添加的資源桶和服務,沒沒有幫助。

託管策略是默認的S3完全訪問和模擬爲工作。

{ 
    "Version": "2012-10-17", 
    "Statement": [ 
    { 
     "Effect": "Allow", 
     "Action": "s3:*", 
     "Resource": "*" 
    } 
    ] 
}

代碼片段解決服務器:

public void setFileToUpload(){ 

     TransferObserver transferObserver = transferUtility.upload(
       "http://ascentserver.s3.eu-west-2.amazonaws.com",  /* The bucket to upload to */ 
       "TEST.png", /* The key for the uploaded object */ 
       fileToUpload  /* The file where the data to upload exists */ 
     ); 

     transferObserverListener(transferObserver); 
    }

來源

2017-03-09 Nicholas Menzel

+1

也許會更好,如果你能提供更多的信息,將允許別人幫你,比如你的應用程序,其中/它是如何託管,AWS SDK的類型您正在使用或執行S3請求的代碼段,您正在使用的IAM策略以及您所連接的實體以及您在訪問S3時使用的URL模式。 –

回答

0

您需要爲transferUtility.upload()方法提供水桶名ascentserver而不是http://ascentserver.s3.eu-west-2.amazonaws.com並確保AmazonS3Client使用正確的區域,而不是默認通過明確設置端點爲s3.setEndpoint("s3.eu-west-2.amazonaws.com")

例如:

CognitoCachingCredentialsProvider credProvider = new CognitoCachingCredentialsProvider(
    getApplicationContext(),  
    "YOUR_COGNITO_POOL_ID",  
    Regions.EU_WEST_2   
); 

AmazonS3 s3 = new AmazonS3Client(credProvider); 
s3.setEndpoint("s3.eu-west-2.amazonaws.com"); 

TransferUtility transferUtility = new TransferUtility(s3, getApplicationContext()); 

TransferObserver transferObserver = transferUtility.upload(
    "ascentserver", 
    "TEST.png", 
    fileToUpload 
); 

. 
. 
.

來源

2017-03-10 20:39:57

+0

這樣做會給我們提供「桶必須指定指定端點」的錯誤,並且它仍然無法訪問服務器。 –

+0

您需要確保'AmazonS3Client'使用正確的區域,而不是默認的區域,方法是明確地將端點設置爲s3.setEndpoint(「s3.eu-west-2.amazonaws.com」)。看到我更新的答案。 –

0

所以我們一直使用的代碼如下: 注意到這些都只是片段,而不是整個代碼

[在主]

import com.amazonaws.auth.CognitoCachingCredentialsProvider; 
import com.amazonaws.mobileconnectors.s3.transferutility.TransferListener; 
import com.amazonaws.mobileconnectors.s3.transferutility.TransferObserver; 
import com.amazonaws.mobileconnectors.s3.transferutility.TransferState; 
import com.amazonaws.mobileconnectors.s3.transferutility.TransferUtility; 
import com.amazonaws.regions.Region; 
import com.amazonaws.regions.Regions; 
import com.amazonaws.services.s3.AmazonS3; 
import com.amazonaws.services.s3.AmazonS3Client; 

import java.io.File; 

public class MainActivity extends AppCompatActivity 
    implements NavigationView.OnNavigationItemSelectedListener { 

File fileToUpload = new  File("/storage/emulated/0/Pictures/Screenshots/TEST.png"); 
File fileToDownload = new File("/storage/emulated/0/Download/TEST"); 
AmazonS3 s3; 
TransferUtility transferUtility; 

@Override 
protected void onCreate(Bundle savedInstanceState) { 
    super.onCreate(savedInstanceState); 
    setContentView(R.layout.activity_main); 
    Toolbar toolbar = (Toolbar) findViewById(R.id.toolbar); 
    setSupportActionBar(toolbar); 

    // callback method to call credentialsProvider method 
    credentialsProvider(); 

    // callback method to call the setTransferUtility method 
    setTransferUtility(); 
} 

public void credentialsProvider(){ 

    // Initialize the Amazon Cognito credentials provider 
    CognitoCachingCredentialsProvider credentialsProvider = new CognitoCachingCredentialsProvider(
      getApplicationContext(), 
      "eu-west-1:0e33dea3-6075-4ea5-a268-b0c1364f5107", // Identity Pool ID 
      Regions.EU_WEST_1 // Region 
    ); 

    setAmazonS3Client(credentialsProvider); 
} 

public void setAmazonS3Client(CognitoCachingCredentialsProvider credentialsProvider){ 

    // Create an S3 client 
    s3 = new AmazonS3Client(credentialsProvider); 

    // Set the region of your S3 bucket 
    s3.setRegion(Region.getRegion(Regions.EU_WEST_1)); 

} 

public void setTransferUtility(){ 

    transferUtility = new TransferUtility(s3, getApplicationContext()); 
} 

public void setFileToUpload(){ 

    TransferObserver transferObserver = transferUtility.upload(
      "http://ascentserver.s3.eu-west-2.amazonaws.com",  /* The bucket to upload to */ 
      "TEST.png", /* The key for the uploaded object */ 
      fileToUpload  /* The file where the data to upload exists */ 
    ); 

    transferObserverListener(transferObserver); 
} 

public void setFileToDownload(){ 

    TransferObserver transferObserver = transferUtility.download(
      "http://ascentserver.s3.eu-west-2.amazonaws.com",  /* The bucket to download from */ 
      "TEST.png", /* The key for the object to download */ 
      fileToDownload  /* The file to download the object to */ 
    ); 

    transferObserverListener(transferObserver); 

} 

public void transferObserverListener(TransferObserver transferObserver){ 

    // listener that provides status of download 
    transferObserver.setTransferListener(new TransferListener(){ 

     @Override 
     public void onStateChanged(int id, TransferState state) { 
      Log.e("statechange", state+""); 
     } 

     @Override 
     public void onProgressChanged(int id, long bytesCurrent, long bytesTotal) { 
      int percentage = (int) (bytesCurrent/bytesTotal * 100); 
      Log.e("percentage",percentage +""); 
     } 

     @Override 
     public void onError(int id, Exception ex) { 
      Log.e("error","error"); 
     } 

    }); 
} 
}

[依賴性]

compile 'com.amazonaws:aws-android-sdk-core:2.2.13' 
compile 'com.amazonaws:aws-android-sdk-cognito:2.2.13' 
compile 'com.amazonaws:aws-android-sdk-s3:2.2.13' 
compile 'com.amazonaws:aws-android-sdk-ddb:2.2.13'

[清單] 

<uses-permission android:name="android.permission.INTERNET"/> 
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> 
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" /> 
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/> 

<service 
     android:name="com.amazonaws.mobileconnectors.s3.transferutility.TransferService" 
     android:enabled="true" />

來源

2017-03-09 22:40:16

相關問題

 相關問題