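【Posted】: 2019-03-04 19:08:28
【Question】:
I am trying to upload a file to an S3 bucket but I get an "Access Denied" error. So I checked with the AWS CLI and found that we need to pass the SSE KMS key ID for it to work.
The bucket policy was added with the conditions s3:x-amz-server-side-encryption: aws:kms and s3:x-amz-server-side-encryption-aws-kms-key-id: key-id. Below is my code, which still gives the access error.
Can someone help?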
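import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.CannedAccessControlList;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.SSEAwsKeyManagementParams;
import org.springframework.web.multipart.MultipartFile;

public class FileUploadToAWSS3 {
    private static final String SUFFIX = "/";
    // KMS key ARN (truncated in the original post)
    private static final String kms_cmk_id = "arn:aws:kms:";

    public void uploadFileToS3Bucket(MultipartFile multipartFile) throws IOException {
        // Placeholder credentials, as posted
        AWSCredentials credentials = new BasicAWSCredentials(
                "access_key",
                "secret_key");
        AmazonS3 s3client = new AmazonS3Client(credentials);
        s3client.setEndpoint("https://s3.eu-west-1.amazonaws.com");
        String bucketName = "my-bucket";
        s3client.createBucket(bucketName);
        String quarter1 = "root/Folder1";
        createFolder(bucketName, quarter1, s3client);
        String fileName = quarter1 + SUFFIX + multipartFile.getOriginalFilename();
        ObjectMetadata omd = new ObjectMetadata();
        omd.setContentType(multipartFile.getContentType());
        omd.setContentLength(multipartFile.getSize());
        omd.setHeader("filename", multipartFile.getOriginalFilename());
        // Upload the file, requesting SSE-KMS with the configured key
        s3client.putObject(new PutObjectRequest(bucketName, fileName, multipartFile.getInputStream(), omd)
                .withCannedAcl(CannedAccessControlList.Private)
                .withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(kms_cmk_id)));
    }

    // Creates a zero-byte object whose key ends in "/" to act as a folder marker
    private void createFolder(String bucketName, String folderName, AmazonS3 client) {
        ObjectMetadata metadata = new ObjectMetadata();
        metadata.setContentLength(0);
        InputStream emptyContent = new ByteArrayInputStream(new byte[0]);
        PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName,
                folderName + SUFFIX, emptyContent, metadata);
        client.putObject(putObjectRequest);
    }
}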
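
A simplified model of the bucket-policy check described in the question, as an added example that is not part of the original post. It assumes the two conditions are written as Deny statements with StringNotEquals (the post gives only the condition keys); the key ARN, Sids and sample requests are constructed. It reports which Deny statements each PutObject request matches, including a request sent without any SSE headers.

```python
# Simplified model of how S3 applies Deny statements to a PutObject request.
# Assumptions: Deny + StringNotEquals policy layout; KEY_ARN, the Sids and the
# sample requests are constructed placeholders, not values from the post.
KEY_ARN = "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID"
SSE = "x-amz-server-side-encryption"
SSE_KEY = "x-amz-server-side-encryption-aws-kms-key-id"


def deny(sid, condition_key, expected):
    """Build one Deny statement that fires when condition_key != expected."""
    return {"Sid": sid, "Effect": "Deny", "Principal": "*",
            "Action": "s3:PutObject", "Resource": "arn:aws:s3:::my-bucket/*",
            "Condition": {"StringNotEquals": {condition_key: expected}}}


BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    deny("DenyNonKmsUploads", "s3:" + SSE, "aws:kms"),
    deny("DenyWrongKmsKey", "s3:" + SSE_KEY, KEY_ARN),
]}


def denying_statements(policy, action, headers):
    """Return the Sids of the Deny statements that match this request."""
    hits = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or stmt["Action"] != action:
            continue
        conds = stmt.get("Condition", {}).get("StringNotEquals", {})
        # Condition key "s3:<header>" is read from request header "<header>".
        # A negated operator also matches when the header is absent (None).
        if all(headers.get(k.split(":", 1)[1]) != v for k, v in conds.items()):
            hits.append(stmt["Sid"])
    return hits


# Constructed requests mirroring the two putObject calls in the posted code.
FOLDER_MARKER_PUT = {"content-length": "0"}     # createFolder(): no SSE params
FILE_PUT = {SSE: "aws:kms", SSE_KEY: KEY_ARN}   # withSSEAwsKeyManagementParams
OTHER_KEY_PUT = {SSE: "aws:kms",
                 SSE_KEY: KEY_ARN.replace("EXAMPLE-KEY-ID", "OTHER-KEY-ID")}

if __name__ == "__main__":
    for name, req in [("folder marker", FOLDER_MARKER_PUT),
                      ("file upload", FILE_PUT),
                      ("other key", OTHER_KEY_PUT)]:
        matched = denying_statements(BUCKET_POLICY, "s3:PutObject", req)
        print(name, "->", matched or "no Deny matched")
```

The model covers only the bucket policy; identity-based permissions, the KMS key policy and actions other than s3:PutObject are evaluated separately by AWS.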
【Discussion】: