I created an AWS IAM user and used the S3 Bucket policy to grant this user all privileges for a specific bucket and its related objects as shown below (where Xs are used there should be some specific identifiers). This user can programmatically(AWS JAVA SDK) add(upload) and delete files from this bucket but i am confused why he cannot download any file. I know the question somehow like this has been asked here but it seems that the problem there was because he did not specify the bucket level access which in my case i have done. belew is the S3 Bucket policy.
{
"Version": "2012-10-17",
"Id": "PolicyXXXXXXXXXXXXX",
"Statement": [
{
"Sid": "StmtXXXXXXXXXXXXX",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/username"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucketName"
},
{
"Sid": "StmtXXXXXXXXXXXXX",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/username"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucketName/*"
}
]
}
Below is the download source code
public void downloadS3(String bucketName, String accessKey, String secretKey, String urlString)
throws AmazonServiceException, AmazonClientException, IOException {
BasicAWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
System.out.println("bucket Name:"+bucketName);
AmazonS3 s3 = AmazonS3ClientBuilder.standard()
.withCredentials(new AWSStaticCredentialsProvider(creds))
.withRegion(Regions.US_EAST_2).build() ;
//The urlString is the s3 object url saved in database
URL url = new URL(urlString);
String key=(FilenameUtils.getName(url.getPath())); // -> file.extension
System.out.println("Downloading an object file with name:"+key);
//This returns an ObjectMetadata file which we don't need to use it in this case
//ObjectMetadata object =
s3.getObject(new GetObjectRequest(bucketName, key), new File(key));
/*end downloading logic*/
System.out.println("File "+key+" Downloaded succesifully ");
}
public void downloadFile(String urlString) {
ExecutorService service = Executors.newFixedThreadPool(4);
service.submit(new Runnable() {
public void run() {
try {
this.downloadS3("bucket",accessKey,secretKey,urlString);
} catch (AmazonServiceException ase) {
System.err
.println("Caught an AmazonServiceException, which means your request made it "
+ "to Amazon S3, but was rejected with an error response for some reason.");
System.err.println("Error Message: " + ase.getMessage());
System.err.println("HTTP Status Code: " + ase.getStatusCode());
System.err.println("AWS Error Code: " + ase.getErrorCode());
System.err.println("Error Type: " + ase.getErrorType());
System.err.println("Request ID: " + ase.getRequestId());
} catch (AmazonClientException ace) {
System.err
.println("Caught an AmazonClientException, which means the client encountered "
+ "a serious internal problem while trying to communicate with S3, "
+ "such as not being able to access the network.");
System.err.println("Error Message: " + ace.getMessage());
} catch (IOException e) {
e.printStackTrace();
}
}
});
}
Below is an exception that i get
Caught an AmazonClientException, which means the client encountered a serious internal problem while trying to communicate with S3, such as not being able to access the network.Error Message: java.io.FileNotFoundException: fileName.mp3 (Permission denied)
Remember the file is actually there(same key).
I have also defined IAM policy(Inline policy) for the user(as shown below) but same trouble still persists. Thanks in advance for the help.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
