3

I'm developing a web api using .NET Core 2 on a Windows laptop. I'm trying to access my S3 bucket and am getting an Access Denied error.

Interesting thing is that it works with the AWS CLI.

My appSettings.Development.json file:

"AWS": {
    "Profile": "my-profile",
    "Region": "us-east-1"
 }

Startup.cs file:

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    var options = Configuration.GetAWSOptions();
    services.AddDefaultAWSOptions(Configuration.GetAWSOptions());
    services.AddAWSService<IAmazonS3>();
}

BucketController.cs file:

public async Task<IEnumerable<string>> Get()
{
    // List all objects
    ListObjectsRequest listRequest = new ListObjectsRequest
    {
        BucketName = "shel-bucket"
    };

    ListObjectsResponse listResponse;
    do
    {
        // Get a list of objects
        listResponse = await _client.ListObjectsAsync(listRequest);
        foreach (S3Object obj in listResponse.S3Objects)
        {
            Console.WriteLine("Object - " + obj.Key);
            Console.WriteLine(" Size - " + obj.Size);
            Console.WriteLine(" LastModified - " + obj.LastModified);
            Console.WriteLine(" Storage class - " + obj.StorageClass);
        }

        // Set the marker property
        listRequest.Marker = listResponse.NextMarker;
    } while (listResponse.IsTruncated);

    return null;
}

The error I get is AmazonS3Exception: Access Denied.

When I do it from the AWS CLI it works.

aws --profile my-profile s3 ls shel-bucket
                              PRE test1/
                              PRE images/
                              PRE projects/
                              PRE test4/

My credentials and confil files are in the default location in .aws.

CodeWzrd
  • 127
  • 1
  • 9
  • Is it a public or private bucket? – marcusturewicz Mar 12 '18 at 21:27
  • 1
    Have you tried with your access key and secret in your config file to see if the profile is not being imported correctly? Is your bucket in us-east-1? – programmerj Mar 12 '18 at 21:31
  • @tura08 - It's private – CodeWzrd Mar 13 '18 at 00:10
  • 1
    How are you supplying your accessKey/secretKey ? – marcusturewicz Mar 13 '18 at 00:12
  • @programmerj So I ended up hard coding the credentials in the code itself and works. – CodeWzrd Mar 13 '18 at 02:13
  • So I ended up hard coding the credentials to test and works. var awsCredentials = new Amazon.Runtime.BasicAWSCredentials("", ""); _client = new Amazon.S3.AmazonS3Client(awsCredentials, Amazon.RegionEndpoint.USEast1); The access key/secret key are stored in the credentials file in the .aws folder. Not sure why it's not being picked up. Is there any way to print out the information retrieved by var options = Configuration.GetAWSOptions()? – CodeWzrd Mar 13 '18 at 03:00
  • I was able to drill down into the client object and see the credentials. So i find out that my "home" directory as considered by AWS .NET SDK is in a different location than what is used by AWS CLI. Some weird setup with my work machine. Once I copied the config to this other location it works now. – CodeWzrd Mar 13 '18 at 03:54

4 Answers4

2

In your code, try replacing your Startup with:

public void ConfigureServices(IServiceCollection services)
{
        services.AddMvc();
        services.AddSingleton<IS3Service, S3Service>();
        services.AddAWSService<IAmazonS3>();
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseMvc();
}

You first need to install in the Package Manager Console:

`Install-package AWSSDK.Extensions.NETCORE.Setup`

`Install-package AWSSDK.S3`

Then you need to have the credentials file in the directory:

`C:\Users\username\.aws\credentials`

The credential file should have this format:

[default]
aws_access_key_id=[Write your access key in here]
aws_secret_access_key=[Write your secret access key in here]
region=[Write your region here]

I uploaded in github an example of a basic CRUD in ASP.NET CORE for S3 buckets.

Dayán Ruiz
  • 611
  • 1
  • 9
  • 22
2

Check your permissions for file write/read access in your account or try this through coding 

CannedACL = S3CannedACL.BucketOwnerFullControl

It resolved my problem when I faced the same Issue.

Dennis Xavier
  • 101
  • 1
  • 14
1
  1. I have solved with following below steps
  2. Goto AWS IAM service
  3. Select Users
  4. Click Add Permissions
  5. Give access to S3 and try now.
Mahadevan Annamalai
  • 127
  • 4
0

I tried all of this and it worked when deploying to AWS Lambda but never worked in my local environment. I resolved it by creating a new S3Client myself instead of injecting it:

var S3Client = new AmazonS3Client(Amazon.RegionEndpoint.USWest2);
Ryan Audet
  • 1