Not able to put object in S3 bucket when it does not have public access

0
votes

I'm tying to write object to s3 bucket in my aws account but it fails with below error.

com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 34399CEF4B28B50D; S3 Extended Request ID:

I tried making the bucket public with full access and then I'm able to write to it.

Code I have written to write object to S3 bucket :

......

private final AmazonS3 amazonS3Client;

........

  final PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, s3Key, stream,
                                                                           metadata);
            amazonS3Client.putObject(putObjectRequest);
            final URL url = amazonS3Client.getUrl(bucketName, s3Key);

I am building my S3 client as :

@Configuration
public class AWSConfig {

    @Bean
    public AmazonS3 amazonS3Client() {
        String awsRegion = System.getenv("AWS_REGION");
        if (StringUtils.isBlank(awsRegion)) {
            awsRegion = Regions.getCurrentRegion().getName();
        }
        return AmazonS3ClientBuilder.standard()
                                    .withCredentials(new DefaultAWSCredentialsProviderChain())
                                    .withRegion(awsRegion)
                                    .build();
    }
}

Please suggest me if I am missing anything and how can I fix the error mentioned above.

3
javaamazon-web-servicesamazon-s3aws-sdk
I have found the solution for this. Issue was that the java service from where I was trying to call put object request does not have access to s3 bucket. For resolving this, I have added permission for the instance where my service was running to access the s3 bucket which resolved the problem. - MK dev

3 Answers

0
votes

You are missing Access Keys (Access Key ID and Secret Access Key)

Right now it only works if you set the bucket to public, because you are not providing any Access Keys.

Access Keys are can be best compared with API keys, which provide a secure way of accessing private data in AWS.

You will need:

.withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(ACCESSKEY, SECRETKEY)));

See the official documentation on how to generate/obtain them.

0
votes

Make sure below option is "off"

s3--> mybucket --> Permissions --> Block all public access -->> off

0
votes

I have found the solution for this. Issue was that the java service from where I was trying to call put object request does not have access to s3 bucket. For resolving this, I have added permission for the instance where my service was running to access the s3 bucket which resolved the problem.