Menu
I am unable to deploy maven artifacts to S3.
I receive AccessDenied exception even though I have write access to the bucket.
When I run mvn deploy -DskipTests, I get following error:
Caused by: com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 5CFBE8472B760710; S3 Extended Request ID: cxvn4bs9sg2hNEZRbno2dxocwSj8i6jCSNSQtsZL2H7h2y/cY2koFhExrGv3mACLK+kfcxHfKkg=), S3 Extended Request ID: cxvn4bs9sg2hNEZRbno2dxocwSj8i6jCSNSQtsZL2H7h2y/cY2koFhExrGv3mACLK+kfcxHfKkg=
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1630)
S3 Request triggered by wagon plugin:
>> PUT /release/ HTTP/1.1
>> Host: inuka-mvn-repo.s3.eu-west-1.amazonaws.com
>> x-amz-content-sha256: UNSIGNED-PAYLOAD
>> Authorization: AWS4-HMAC-SHA256 Credential=AKIAUMQWI47EFQZPBQW3/20191018/eu-west-1/s3/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-retry;content-length;content-type;host;user-agent;x-amz-acl;x-amz-content-sha256;x-amz-date, Signature=b20a1e2fb100eae4b70d7c0922fde9164bc7326d02074627e54d860359d8b298
>> X-Amz-Date: 20191018T145734Z
>> x-amz-acl: public-read
>> User-Agent: aws-sdk-java/1.11.276 Mac_OS_X/10.13.6 Java_HotSpot(TM)_64-Bit_Server_VM/25.60-b23 java/1.8.0_60
>> amz-sdk-invocation-id: 47ea0bcd-c021-6d48-2547-f9a276c055cd
>> amz-sdk-retry: 0/0/500
>> Content-Type: application/octet-stream
>> Content-Length: 0
>> Connection: Keep-Alive
>> "PUT /release/ HTTP/1.1"
>> "Host: inuka-mvn-repo.s3.eu-west-1.amazonaws.com"
>> "x-amz-content-sha256: UNSIGNED-PAYLOAD"
>> "Authorization: AWS4-HMAC-SHA256 Credential=AKIAUMQWI47EFQZPBQW3/20191018/eu-west-1/s3/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-retry;content-length;content-type;host;user-agent;x-amz-acl;x-amz-content-sha256;x-amz-date, Signature=b20a1e2fb100eae4b70d7c0922fde9164bc7326d02074627e54d860359d8b298"
>> "X-Amz-Date: 20191018T145734Z"
>> "x-amz-acl: public-read"
>> "User-Agent: aws-sdk-java/1.11.276 Mac_OS_X/10.13.6 Java_HotSpot(TM)_64-Bit_Server_VM/25.60-b23 java/1.8.0_60"
>> "amz-sdk-invocation-id: 47ea0bcd-c021-6d48-2547-f9a276c055cd"
>> "amz-sdk-retry: 0/0/500"
>> "Content-Type: application/octet-stream"
>> "Content-Length: 0"
>> "Connection: Keep-Alive"
>> ""
S3 Response
<< "HTTP/1.1 403 Forbidden"
<< "x-amz-request-id: 83C798E7B7B523ED"
<< "x-amz-id-2: 6QylxeiERpjXVuThC0VXYqCGSL9+pWqw5Kdi/1PpI+ly1eBMxYY+byB59T7yGLf2D5vPOLTLAPA="
<< "Content-Type: application/xml"
<< "Transfer-Encoding: chunked"
<< "Date: Fri, 18 Oct 2019 14:57:33 GMT"
<< "Server: AmazonS3"
<< ""
<< HTTP/1.1 403 Forbidden
<< x-amz-request-id: 83C798E7B7B523ED
<< x-amz-id-2: 6QylxeiERpjXVuThC0VXYqCGSL9+pWqw5Kdi/1PpI+ly1eBMxYY+byB59T7yGLf2D5vPOLTLAPA=
<< Content-Type: application/xml
<< Transfer-Encoding: chunked
<< Date: Fri, 18 Oct 2019 14:57:33 GMT
<< Server: AmazonS3
e kept alive for 60000 MILLISECONDS
<< "f3"
<< "<?xml version="1.0" encoding="UTF-8"?>[\n]"
<< "<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>83C798E7B7B523ED</RequestId><HostId>6QylxeiERpjXVuThC0VXYqCGSL9+pWqw5Kdi/1PpI+ly1eBMxYY+byB59T7yGLf2D5vPOLTLAPA=</HostId></Error>"
<< "0"
<< ""
I use com.github.platform-team:aws-maven for uploading to S3
<build>
...
<extensions>
<extension>
<groupId>com.github.platform-team</groupId>
<artifactId>aws-maven</artifactId>
<version>6.0.0</version>
</extension>
</extensions>
</build>
This is my maven repo configuration
<distributionManagement>
<repository>
<id>repo.inuka</id>
<url>s3://*****-mvn-repo/release</url>
</repository>
</distributionManagement>
I have write access to s3 from command line:
halils-mbp:inuka-be halil$ aws s3 cp pom.xml s3://inuka-mvn-repo
upload: ./pom.xml to s3://inuka-mvn-repo/pom.xml
Can anybody help me, why maven wagon plugin com.github.platform-team:aws-maven cannot upload to S3?
351
The best solution I've been able to find consists of these steps: Create a branch called mvn-repo to host your maven artifacts. Use the github site-maven-plugin to push your artifacts to github. Configure maven to use your remote mvn-repo as a maven repository.
This project is an implementation of a multi-threaded Wagon provider for accessing Amazon's Simple Storage Service (S3). It enables Maven to download files from and deploy files to S3. It draws heavily from code developed by Jeff Caddel at Kuali and Ben Hale at SpringSource.
The Amazon S3 repository enables users to copy files from Amazon S3 into Moodle.
Where as the repositories element specifies in the POM the location and manner in which Maven may download remote artifacts for use by the current project, distributionManagement specifies where (and how) this project will get to a remote repository when it is deployed.
Most of the Maven S3 wagons out there, including the one referenced in the question, don't seem to support writing to buckets with private permissions out of the box. The result is that even if your IAM policies are fine, and your authentication details are fine, you'll get a 403 when it comes to that PUT call.
The only one I've found which works out of the box for private buckets is the Allogy wagon:
<build>
...
<extensions>
<extension>
<groupId>com.allogy.maven.wagon</groupId>
<artifactId>maven-s3-wagon</artifactId>
<version>1.2.0</version>
</extension>
</extensions>
...
</build>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
