I know you can try to read the ACLs or Bucket Policies through the Java SDK, but is there any easy way to just check if you have read and/or write permissions to a bucket and/or its contents? I don't see any "haveReadPermissions()" method or anything in the AmazonS3 class, but maybe I'm missing something? I find it hard to believe there's no easy way to check permissions.
Sign in to the AWS Management Console using the account that has the S3 bucket. Open the Amazon S3 console at https://console.aws.amazon.com/s3/. Select the bucket that you want AWS Config to use to deliver configuration items, and then choose Properties. Choose Permissions.
We can get these credentials in two ways, either by using AWS root account credentials from the access keys section of the Security Credentials page, or by using IAM user credentials from the IAM console. Choosing AWS Region: We also have to select the AWS region(s) where we want to store our Amazon S3 data.
To access Amazon Simple Storage Service, create an AWS.S3 service object. Call the listBuckets method of the Amazon S3 service object to retrieve a list of your buckets. The data parameter of the callback function has a Buckets property containing an array of maps to represent the buckets.
I think the answer is that there's no fool-proof way to do this, at least not at this time. There are a couple other methods you can use to try to get around this. I originally tried to use the getBucketLocation() method to determine if my given user had read access to the bucket, but it turns out you must be the owner of the bucket to use this method... so that didn't work.
For read access, there is another hack you can use. Just use something along the lines of getObject(bucketName, UUID.randomUUID().toString()) - this will throw an exception because you are trying to fetch a key that doesn't exist. Catch the AmazonServiceException (or AmazonS3Exception) and check that the e.getErrorCode() equals "NoSuchKey". If this is the case, then you have read access to the bucket. If it's any other error code, then you don't have access, or the bucket doesn't exist, etc (it could be any number of things). Make sure you explicitly check the ErrorCode not the StatusCode, because you will also get a 404 StatusCode if the bucket doesn't exist (which is the same StatusCode you get when the key doesn't exist). Here's the complete list of S3 error/status codes: http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
For write access, it's not as simple. The best way is to actually write a small test file to the bucket (and then maybe try to delete it). Besides that, if you want to check for more generic permissions, using a method like PutObjectAcl will determine if your user has "s3:Put*" permissions (you can set the ACL to the exact same as the current ACL by reading it first and then using that to set it).
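The read and write probes described in the answer above, as an added example that is not part of the original post. It assumes the AWS SDK for Java v1 (the AmazonS3 and AmazonS3Exception classes the answer names) and credentials from the default provider chain; BucketAccessProbe, Access, classify, probeRead and probeWrite are hypothetical names, and the bucket name is passed as the first argument.

```java
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.AmazonS3Exception;
import com.amazonaws.services.s3.model.S3Object;
import java.io.IOException;
import java.util.UUID;

public class BucketAccessProbe { // hypothetical name, not part of the SDK
    enum Access { GRANTED, ACCESS_DENIED, NO_SUCH_BUCKET, OTHER_ERROR }
    // Decide on the S3 error code, not the HTTP status (both "missing" cases are 404).
    static Access classify(String errorCode) {
        if (errorCode == null) return Access.OTHER_ERROR;
        switch (errorCode) {
            case "NoSuchKey":    return Access.GRANTED;
            case "NoSuchBucket": return Access.NO_SUCH_BUCKET;
            // For reads this is ambiguous: without s3:ListBucket, S3 answers
            // a missing key with 403 AccessDenied instead of 404 NoSuchKey.
            case "AccessDenied": return Access.ACCESS_DENIED;
            default:             return Access.OTHER_ERROR;
        }
    }

    static Access probeRead(AmazonS3 s3, String bucket) throws IOException {
        String key = "access-probe-" + UUID.randomUUID(); // key that should not exist
        try (S3Object unexpected = s3.getObject(bucket, key)) {
            return Access.GRANTED; // the random key existed and was readable
        } catch (AmazonS3Exception e) {
            return classify(e.getErrorCode());
        }
    }

    static Access probeWrite(AmazonS3 s3, String bucket) {
        String key = "access-probe-" + UUID.randomUUID();
        try {
            s3.putObject(bucket, key, "probe"); // small test object
        } catch (AmazonS3Exception e) {
            return classify(e.getErrorCode());
        }
        try { s3.deleteObject(bucket, key); } // best-effort cleanup
        catch (AmazonS3Exception e) { System.err.println("cleanup failed, leftover key: " + key); }
        return Access.GRANTED;
    }

    public static void main(String[] args) throws IOException {
        AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient();
        System.out.println("read:  " + probeRead(s3, args[0]));
        System.out.println("write: " + probeWrite(s3, args[0]));
    }
}
```

On a bucket with versioning enabled, the cleanup delete only adds a delete marker, so the probe object remains as a noncurrent version until it is removed by version ID or a lifecycle rule.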