The AWS Access Key Id you provided does not exist in our records

Question

I had written a library in PHP using the AWS to communicate with the ECS server. Now I am migrating my code to java. In java I am using the same key and secret which I used in PHP.

In php I used the following method:

$s3 = Aws\S3\S3Client::factory(array( 'base_url' => $this->base_url, 'command.params' => array('PathStyle' => true), 'key' => $this->key, 'secret' => $this->secret ));

In java I am using following method

BasicAWSCredentials(String accessKey, String secretKey);

I am getting the following exception:

Exception in thread "main" com.amazonaws.services.s3.model.AmazonS3Exception: The AWS Access Key Id you provided does not exist in our records. (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId; Request ID: 3A3000708C8D7883), S3 Extended Request ID: U2rG9KLBBQrAqa6M2rZj65uhaHhOpZpY2VK1rXzqoGrKVd4R/JdR8aeih/skG4fIrecokE4FY3w=
at      com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1401)
    at         com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:945)
    at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:723)
    at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:475)
    at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:437)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:386)
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3996)
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3933)
    at com.amazonaws.services.s3.AmazonS3Client.listBuckets(AmazonS3Client.java:851)
    at com.amazonaws.services.s3.AmazonS3Client.listBuckets(AmazonS3Client.java:857)
    at com.justdial.DocUpload.DocUpload.main(DocUpload.java:22)

Do I need a new key and secret for Java or the previous one can be used.

My questions are: 1 - Is then any prerequisite that we need to follow before using AWS's BasicAwsCredentials() method. 2 - Do we need to create the IAM roles. 3 - If we do then how will it come to know which IP to hit as in case of PHP in Aws\S3\S3Client::factory method I was specifying the base url.

Answer 1

Following code worked for me.

String accesskey = "objuser1";
String secret = "xxxxxxxxxxxxxxxx";
ClientConfiguration config = new ClientConfiguration();
config.setProtocol(Protocol.HTTP);
AmazonS3 s3 = new AmazonS3Client(new BasicAWSCredentials(accesskey, secret), config);
S3ClientOptions options =  new S3ClientOptions();
options.setPathStyleAccess(true);
s3.setS3ClientOptions(options);
s3.setEndpoint("1.2.3.4:9020");  //ECS IP Address
System.out.println("Listing buckets");
for (Bucket bucket : s3.listBuckets()) {
    System.out.println(" - " + bucket.getName());
}
System.out.println();

Answer 2

AWS access key and secret access keys are independent of SDKs you use (doesn't matter whether you use PHP, Java or Ruby etc), it's more about granting and getting access to services you run/use on AWS.

Root cause of the error is I think you've not set AWS region though you've given access key and secret access key. Please check this to set AWS credentials for Java.

To answer your questions.

1. As far as I know BasicAwsCredentials() itself acts as prerequisite step before you want to do anything with Amazon services. Only prerequisite for BasicAwsCredentials() is to have the authentication keys.

2. No, it's not mandatory step. It's an alternative. Please check the definition of IAM role from this link.

3. You can use the 'endpoint' to do the same job in Java. Check 'endpoint' details from this link.

Please take a look at the examples from here. Using the same method I'm able to successfully do the 'BasicAwsCredentials()'. And also cross check whether 'access key' and 'secret access key' have necessary permissions to access Amazon services as per your need. Check IAM user, group and ensure they've necessary AWS permissions.