Accessing a GCS bucket from GCE without credentials using a S3 library

0
votes

I am trying to migrate an existing application that was using IAM permissions to write to a S3 bucket from EC2. According to Google documentation, you have a way to keep the same code and take advantage of the compatibility of GCS apis with S3. However, using the same code (I am just overriding the endpoint to use storage.googleapis.com instead), I hit the following exception:

com.amazonaws.SdkClientException: The requested metadata is not found at http://169.254.169.254/latest/meta-data/iam/security-credentials/ at com.amazonaws.internal.EC2CredentialsUtils.readResource(EC2CredentialsUtils.java:115) at com.amazonaws.internal.EC2CredentialsUtils.readResource(EC2CredentialsUtils.java:77) at

Is there a way to do that without having to pass an access key and a secret key to my app?

1
amazon-s3google-cloud-storage

1 Answers

0
votes

If you want to keep using your existing API, the only way is by using a Google developer key, a simple migration always requires these two steps:

  1. Change the request endpoint to to the Cloud Storage request endpoint: As you mentioned, you already completed this step by overriding to the Cloud Storage request endpoint:

    https://storage.googleapis.com/[BUCKET_NAME]/[OBJECT_NAME]

  2. Replace the AWS access and secret Key with your Google developer key: Because you are no longer going to be able to keep using the same IAM permissions you have previously set on AWS, authorization must be done using and access key and and a secret key, you will need to include an Authorization request header using your Google access key and create a signature using your Google secret key:

    Authorization: AWS GOOG-ACCESS-KEY:signature

For further information, please check Authenticating in a simple migration scenario.