代码之家 › 专栏 › 技术社区 › Damien-Amen

无法使用AES服务器端加密将对象上载到S3

aws-sdk amazon-s3 amazon-web-services java

Damien-Amen · 技术社区 · 7 年前

我正在尝试将对象上载到 S3 铲斗通过 Java API。不管我怎么做 Access Denied 例外

private static void serverSideEncryption() throws NoSuchAlgorithmException {
    AmazonS3 S3_CLIENT = AmazonS3ClientBuilder.standard()
                                              .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
                                              .withRegion(Regions.US_EAST_1)
                                              .build();
    PutObjectRequest putRequest = new PutObjectRequest(BUCKET_NAME, "dfsdf.ss",
            new File("/Users/fsdfs/Desktop/test.jpeg"));
    S3_CLIENT.putObject(putRequest);
    System.out.println("Object uploaded");
}

当我运行这个时

Exception in thread "main" com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: AD1105A291B609D8; S3 Extended Request ID: Ls5wbbW2Yd43p75MJGSOjex0KvmgPiqNBupxpCcEvdMRkK4iptNPNCEwyOqokA=), S3 Extended Request ID: Ls5wbbW2Yd43p75MJGSOje70iqNBupxpCcEvdMRkK4iptNPNCEwyOqokA=
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1632)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1304)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1058)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4365)
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4312)
    at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1755)
    at com.xxx.aws.s3.S3Service.serverSideEncryption(S3Service.java:72)
    at com.xxx.aws.s3.S3Service.main(S3Service.java:58)

但是如果我从 AWS CLI 使用

aws s3api put-object --bucket zzz-yyy-xxx --key test/testfdf --server-side-encryption AES256

它工作得非常好。

我还尝试了下面的代码

private static void serverSideEncryption() throws NoSuchAlgorithmException {
    KEY_GENERATOR = KeyGenerator.getInstance("AES");
    KEY_GENERATOR.init(256, new SecureRandom());
    SSE_KEY = new SSECustomerKey(KEY_GENERATOR.generateKey());
    AmazonS3 S3_CLIENT = AmazonS3ClientBuilder.standard()
                                              .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
                                              .withRegion(Regions.US_EAST_1)
                                              .build();
    PutObjectRequest putRequest = new PutObjectRequest(BUCKET_NAME, "dfsdf.ss",
            new File("/Users/xx-xx/Desktop/dfdf.jpeg")).withSSECustomerKey(SSE_KEY);
    S3_CLIENT.putObject(putRequest);
    System.out.println("Object uploaded");
}

我的bucket策略设置为AES加密

1 回复 | 直到 7 年前

Paul Jay 7 年前

检查您的bucket名称和访问密钥是否正确,403表示密钥不存在。这可能意味着bucket名称中的密钥或您的访问密钥。

检查两者以确保。

编辑:遵循AWS S3 SSE文档 https://atdocs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingJavaSDK.html

要上载具有服务器端加密的对象,需要使用 ObjectMetaData 方法指定服务器端加密密钥,然后可以将此对象的引用用作 PutObjectRequest 。

归因于OP的修改 https://stackoverflow.com/users/1629109/damien-amen