java - How do I upload a file to Amazon S3 using a KMS role?

Tags: java amazon-web-services amazon-s3 amazon-kms

I want to upload a file to Amazon S3 from an environment that provides me with IAM credentials. But I get this error:

Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4. (Service: Amazon S3; Status Code: 400; Error Code: InvalidArgument; Request ID: EF93490A8356F585)

The IAM role is as follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::sam-94a493b-dev"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::sam-bbcb194a493b-dev/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kms:Encrypt",
                "kms:Decrypt"
            ],
            "Resource": [
                "arn:aws:kms:us-east-1:000351272236:key/9b7a989c-ee8e-4c83-b765-6debe0f94eaa"
            ]
        }
    ]
} 

I use the default client to access Amazon S3 and call the putObject method to put the object into the bucket at fileNameWithPath (path/in/s3/filename.ext). The code that accesses S3 is as follows:

// Default client: region and credentials are picked up from the environment (the instance role here)
AmazonS3 s3client = AmazonS3ClientBuilder.defaultClient();
s3client.putObject(bucketName, fileNameWithPath, file);

The error I get is:

com.amazonaws.services.s3.model.AmazonS3Exception: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4. (Service: Amazon S3; Status Code: 400; Error Code: InvalidArgument; Request ID: EF93490A8356F585)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1587) ~[aws-java-sdk-core-1.11.163.jar!/:?]
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1257) ~[aws-java-sdk-core-1.11.163.jar!/:?]
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1029) ~[aws-java-sdk-core-1.11.163.jar!/:?]
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:741) ~[aws-java-sdk-core-1.11.163.jar!/:?]
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:715) ~[aws-java-sdk-core-1.11.163.jar!/:?]
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:697) ~[aws-java-sdk-core-1.11.163.jar!/:?]
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:665) ~[aws-java-sdk-core-1.11.163.jar!/:?]
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:647) ~[aws-java-sdk-core-1.11.163.jar!/:?]
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:511) ~[aws-java-sdk-core-1.11.163.jar!/:?]
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4227) ~[aws-java-sdk-s3-1.11.163.jar!/:?]
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4174) ~[aws-java-sdk-s3-1.11.163.jar!/:?]
    at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1722) ~[aws-java-sdk-s3-1.11.163.jar!/:?]
    at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1577) ~[aws-java-sdk-s3-1.11.163.jar!/:?]
    at com.example.services.S3Service.uploadFile(S3Service.java:63) ~[classes!/:?]

My AWS SDK version is 1.11.163, which should use Signature Version 4 by default. I don't know where the problem is.

I have tried setting various SSEAlgorithm values in putObject, such as 'AES256' and 'AWS4-HMAC-SHA256', but those did not help.

Any clues would be appreciated.

Best answer

I solved this problem with the following steps -

  1. Build the request explicitly with a PutObjectRequest
  2. Create a new ObjectMetadata and set its SSEAlgorithm to "aws:kms".
  3. Attach the objectMetadata to the request
  4. Send the request through the putObject method

Here is the code -

    import com.amazonaws.services.s3.model.ObjectMetadata;
    import com.amazonaws.services.s3.model.PutObjectRequest;

    PutObjectRequest request = new PutObjectRequest(bucketName, ruleFilePath, file);
    ObjectMetadata objectMetadata = new ObjectMetadata();
    // Request SSE-KMS explicitly; with this header present the SDK signs the request with SigV4
    objectMetadata.setSSEAlgorithm("aws:kms");
    request.setMetadata(objectMetadata);
    this.s3client.putObject(request);
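Added example (not the answer's code and not from the AWS SDK documentation): the same upload with the SigV4 signer forced explicitly, the KMS key pinned to a specific CMK instead of the account's default aws/s3 key, and a post-upload check that S3 really stored the object under that key. KMS_KEY_ARN, the class name and the bucket/key/file arguments are placeholders; it assumes AWS SDK for Java 1.11.x as used in the question.

```java
import com.amazonaws.ClientConfiguration;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.PutObjectResult;
import com.amazonaws.services.s3.model.SSEAwsKeyManagementParams;

import java.io.File;

public class KmsUpload {

    // Placeholder: replace with the ARN of the key the role is allowed to use.
    private static final String KMS_KEY_ARN =
            "arn:aws:kms:us-east-1:123456789012:key/REPLACE-WITH-KEY-ID";

    public static void main(String[] args) {
        String bucket = args[0];
        String key = args[1];
        File file = new File(args[2]);

        // Force SigV4 explicitly; SSE-KMS requests are rejected when signed with SigV2.
        ClientConfiguration cfg = new ClientConfiguration()
                .withSignerOverride("AWSS3V4SignerType");
        AmazonS3 s3 = AmazonS3ClientBuilder.standard()
                .withRegion(Regions.US_EAST_1)
                .withClientConfiguration(cfg)
                .build();   // credentials still come from the environment / instance role

        // Pin the specific CMK rather than falling back to the account default.
        // The calling role needs kms:GenerateDataKey on this key for the upload and
        // kms:Decrypt for later reads; the role in the question lacks GenerateDataKey.
        PutObjectRequest req = new PutObjectRequest(bucket, key, file)
                .withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(KMS_KEY_ARN));
        PutObjectResult res = s3.putObject(req);

        // Verify what S3 actually stored instead of trusting the request headers alone.
        ObjectMetadata stored = s3.getObjectMetadata(bucket, key);
        if (!"aws:kms".equals(stored.getSSEAlgorithm())
                || !KMS_KEY_ARN.equals(stored.getSSEAwsKmsKeyId())) {
            throw new IllegalStateException("Object is not encrypted with the expected KMS key: "
                    + stored.getSSEAlgorithm() + " / " + stored.getSSEAwsKmsKeyId());
        }
        System.out.println("Uploaded ETag=" + res.getETag()
                + " encrypted with " + stored.getSSEAwsKmsKeyId());
    }
}
```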

Regarding "java - How do I upload a file to Amazon S3 using a KMS role?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/55002133/
