When setting an S3 bucket policy on the AWS website, should I do this again in the Java code that will run in the EC2 instance?

Time: 2022-12-04 07:48:20

I have set an S3 bucket policy in my S3 account via web browser.


https://i.stack.imgur.com/sppyr.png


My issue is that the Java code of my web app, when run on my local laptop, uploads images to S3.


final AmazonS3 s3 = new AmazonS3Client(
        new AWSStaticCredentialsProvider(
                new BasicAWSCredentials("accessKey*", "secretKey")));
s3.setRegion(Region.US_West.toAWSRegion());
s3.setEndpoint("s3-us-west-1.amazonaws.com");
versionId = s3.putObject(new PutObjectRequest("bucketName", name, convFile)).getVersionId();

But when I deploy my web app to Elastic Beanstalk, it doesn't successfully upload images to the S3 bucket. So should I programmatically code the S3 bucket policy again in my Java code?


PS: Additional details that may be useful: Why am I able to upload to AWS S3 from my localhost, but not from my AWS Elastic Beanstalk instance?


1 solution

#1


1  

Your S3 bucket policy is too permissive. You should delete it asap.


Instead of explicitly supplying credentials to your Elastic Beanstalk app in code, you should create an IAM role that the Elastic Beanstalk app will assume. That IAM role should have an attached IAM policy that allows appropriate access to your S3 bucket, and to the objects in the bucket.


When testing on your laptop, your app does not need to have credentials in the code. Instead, your app should leverage the fact that the AWS SDK will retrieve credentials for you from the environment that the app is running in. You should use the default credential provider chain.
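
The upload from the question rewritten around the default credential provider chain, as an added example that is not part of the original question or answer. It assumes the AWS SDK for Java v1 used in the question; the class `S3Uploader`, the file path and the IAM policy in the comment are hypothetical, and `bucketName` is the question's placeholder.

```java
import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.PutObjectRequest;
import java.io.File;

// Assumed least-privilege policy attached to the IAM role of the Elastic Beanstalk
// instances (placeholder bucket name), replacing the permissive bucket policy:
//   { "Version": "2012-10-17",
//     "Statement": [{ "Effect": "Allow",
//                     "Action": "s3:PutObject",
//                     "Resource": "arn:aws:s3:::bucketName/*" }] }
public class S3Uploader {

    // No access key or secret key in code. The chain looks in environment
    // variables, Java system properties, the ~/.aws/credentials profile (laptop)
    // and the container or instance role credentials (Elastic Beanstalk / EC2).
    static AmazonS3 buildClient() {
        return AmazonS3ClientBuilder.standard()
                .withCredentials(DefaultAWSCredentialsProviderChain.getInstance())
                .withRegion(Regions.US_WEST_1)
                .build();
    }

    // Returns the version id, or null when bucket versioning is not enabled.
    static String upload(AmazonS3 s3, String bucket, String key, File file) {
        try {
            return s3.putObject(new PutObjectRequest(bucket, key, file)).getVersionId();
        } catch (AmazonServiceException e) {
            // S3 answered with an error: 403 AccessDenied means the identity the
            // chain resolved has no s3:PutObject permission on this bucket.
            throw new IllegalStateException("S3 rejected the upload: HTTP "
                    + e.getStatusCode() + " " + e.getErrorCode(), e);
        } catch (SdkClientException e) {
            // No response from S3: the chain found no credentials, or the network failed.
            throw new IllegalStateException("Upload never reached S3: " + e.getMessage(), e);
        }
    }

    public static void main(String[] args) {
        File image = new File("/tmp/sample.png"); // constructed sample path
        String versionId = upload(buildClient(), "bucketName", image.getName(), image);
        System.out.println("Uploaded, versionId=" + versionId);
    }
}
```

The two catch branches separate a permissions problem on the role from a missing-credentials problem in the environment, which is the distinction that matters when the same code works on a laptop but fails after deployment.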
