
AWS S3 upload without access and secret key in Java

I want to upload a file to S3 without using my access and secret key from an AWS server. AWS keys should be taken as default. However, running the below command on the server, I can access it without providing any access and secret keys.

aws s3 cp somefile.txt s3://somebucket/

From Java code it's not accessible, since it was unable to load credentials. Below is my code.

AmazonS3 s3client = new AmazonS3Client(new DefaultAWSCredentialsProviderChain());
Sudipto Das asked May 19 '17 06:05


2 Answers

You can use the below Java code to get the s3client instance when you are trying to connect to an S3 bucket from an EC2 instance.

AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
              .withCredentials(new InstanceProfileCredentialsProvider(false))
              .build();

This is the recommended way, as the application doesn't need to maintain the access keys in property files.

  • An IAM role should be created and S3 access should be provided for that role. See the sample policy below.
  • The IAM role should be assigned to the EC2 instance.

Sample policy for IAM role:

{
    "Version": "2012-10-17",
    "Statement": [{
        "Action": ["s3:PutObject", "s3:ListBucket", "s3:GetObject", "s3:DeleteObject"],
        "Resource": ["arn:aws:s3:::yourBucketName", "arn:aws:s3:::yourBucketName/*"],
        "Effect": "Allow",
        "Sid": "AllowBucketLinux"
    }]
}
notionquest answered Sep 19 '22 02:09


As per the documentation, the AWS credentials provider chain looks for credentials in this order:

  1. Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
  2. Java System Properties - aws.accessKeyId and aws.secretKey
  3. Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
  4. Credentials delivered through the Amazon EC2 container service if the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and the security manager has permission to access the variable
  5. Instance profile credentials delivered through the Amazon EC2 metadata service

Check that you have specified valid credentials in any of the above.
Ref : http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html

mcacorner answered Sep 19 '22 02:09
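
Added example, not part of either answer: a diagnostic for the AWS SDK for Java v1 that probes each source in the order listed in the answer above and reports which ones yield credentials, so a static key in an environment variable or ~/.aws/credentials that shadows the instance role becomes visible. The class name and the labels are assumptions of this example; only the tail of the access key id is printed.

```java
import com.amazonaws.auth.*;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import java.util.LinkedHashMap;
import java.util.Map;

// Added diagnostic; the class name and the labels are made up for this example.
public class CredentialSourceCheck {

    // Sources in the order listed above (AWS SDK for Java v1 provider classes).
    static Map<String, AWSCredentialsProvider> sources() {
        Map<String, AWSCredentialsProvider> m = new LinkedHashMap<>();
        m.put("1. environment variables", new EnvironmentVariableCredentialsProvider());
        m.put("2. Java system properties", new SystemPropertiesCredentialsProvider());
        m.put("3. ~/.aws/credentials", new ProfileCredentialsProvider());
        // The wrapper falls back to the instance profile when the variable is unset,
        // so it is only probed as step 4 when the variable is present.
        if (System.getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI") != null) {
            m.put("4. container credentials", new EC2ContainerCredentialsProviderWrapper());
        }
        m.put("5. EC2 instance profile", new InstanceProfileCredentialsProvider(false));
        return m;
    }

    public static void main(String[] args) {
        String first = null;
        for (Map.Entry<String, AWSCredentialsProvider> e : sources().entrySet()) {
            try {
                AWSCredentials c = e.getValue().getCredentials();
                String id = c.getAWSAccessKeyId();
                // Log only the tail of the key id, never the secret key or session token.
                String tail = id.substring(Math.max(0, id.length() - 4));
                String kind = (c instanceof AWSSessionCredentials)
                        ? "temporary session credentials" : "static key, no session token";
                System.out.printf("%-28s FOUND ...%s (%s)%n", e.getKey(), tail, kind);
                if (first == null) first = e.getKey();
            } catch (RuntimeException ex) {
                // Each provider throws when its source is absent or unreachable.
                System.out.printf("%-28s none (%s)%n", e.getKey(), ex.getClass().getSimpleName());
            }
        }
        System.out.println(first == null
                ? "No source supplied credentials."
                : "First match in the order above: " + first);
    }
}
```

If a source listed before step 5 reports FOUND with a static key, that key is picked up ahead of the instance role.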