2

I am trying to access an Amazon S3 bucket programmatically through Java libraries. (to do basic cloud management from a third-party application). As a first step, I tried to print whether a bucket exists or not(3rd line)

AWSCredentials credentials=new BasicAWSCredentials("my-Access- Key","My- Secret-Key");
AmazonS3 s3client = AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(credentials)).withRegion(Regions.AP_EAST_1).build();
String bucketExists=String.valueOf(s3client.doesBucketExistV2("newBucketName"));

When I run this line of code, I am getting an exception saying that

com.amazonaws.services.s3.model.AmazonS3Exception: The AWS Access Key Id you provided does not exist in our records. (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId; Request ID:RequestId...)

I don't want to maintain a credentials file in the .aws folder for the following reason:

I am trying to variablilize the access credentials based on the logged-in user from a secure LDAP system, so I can confirm the feasibility only when I test it with hard-coded credentials.

I have checked that the issue is not one of the below

  • I have created an IAM user with a valid Access ID and Secret Key in the AWS console and have enabled the user for programmatic access.
  • I have also given applied the AmazonS3FullAccess policy for IAM user
  • The key is in Active state(have checked it through the console)
  • I have added the dependency for the AWS SDK to gradle (implementation group: 'com.amazonaws', name: 'aws-java-sdk-s3', version: '1.12.15')

Please let me know what the issue might be. My apologies if it is an amateur issue.

Sachu
  • 191
  • 1
  • 4
  • 15
  • your code looks fine, there is not a reason why it should not work properly. Have you tried to create a new access key? Probably there is something wrong with that key. From time to time it happens. Please, can you try with a different access key? If you created another user, another thing you can try is to use an access key for that other user. – jccampanero Jul 10 '21 at 14:55
  • Thank you for the suggestion. I tried this but am facing the same error with the new set of credentials – Sachu Jul 12 '21 at 05:26
  • Hi @Sachu. I see. It is very strange indeed. I am aware that you need to provide explictely the credentials but, just for testing, have you tried to use the same credentials as environment variables, for example? Did it work? – jccampanero Jul 12 '21 at 10:33
  • @jccampanero I tried adding the credentials to the credentials file in C:\Users\\.aws folder. It still did not work. I followed the pattern given in this https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html . I am using Windows OS. I don't know where to put the code to the set AWS_ACCESS_KEY_ID=your_access_key_id – Sachu Jul 12 '21 at 11:50
  • 1
    Hi @Sachu. It is very strange. You can set the environment variables information where you consider appropriate. What IDE are you using? Maybe simpler, although I never tested it, you can try providing the necessary information using the java system properties aws.accessKeyId and aws.secretKey. Please, do not forget to change the credentials provider implementation accordingly. Also, although it should not be a problem, have you tried removing the region information? It should not be a problem in any way, but as I told you your code looks fine to me. – jccampanero Jul 12 '21 at 12:12
  • Hi @jccampanero I tried adding the system properties but still got the same Access key error. When I removed the region, I got a socket timed-out error. When I added it back i got the same access Key issue. I think I am missing some other key component or configuration. If I can change something to make it work I will accept your answer and award the bounty. – Sachu Jul 12 '21 at 12:44
  • Thank you @Sachu. The important thing is that you can successfully access your resources. Is the bucket created in the same region your are using in your Java code? Please, from a totally different point of view, remove any credentials you may have in your home directory if possible, maybe you have something there and it is causing the issue. – jccampanero Jul 12 '21 at 12:58
  • Please, try as well providing the provider chain, it will remove any dependency with other possible credentials configuration: `AmazonS3 s3client = AmazonS3ClientBuilder.standard().withCredentials(new AWSCredentialsProviderChain(new AWSStaticCredentialsProvider(credentials))).withRegion(Regions.AP_EAST_1).build();`. Note the use of `AWSCredentialsProviderChain` – jccampanero Jul 12 '21 at 13:13
  • Thank you @jccampanero. I had to use the right region in the bucket and the console and remove the other credentials in the home directory. It worked. Please post this as an answer. I will accept and award bounty – Sachu Jul 12 '21 at 13:41
  • 1
    I am very happy to hear that the problem is solved @Sachu. Thank you very much, I posted an answer summarizing these comments. Please, do not hesitate to contact me again if you thing I can be of any help. – jccampanero Jul 12 '21 at 16:13

2 Answers2

1

As indicated in the question comments, your code looks fine and it should work properly.

The most likely reason of the problem is that AWS is picking up other credentials from somewhere else. Please, try removing other credentials like the ones stored in the home directory in order to be sure that the SDK is using the right credentials when contacting S3.

In addition, please, verify that you are providing the right region according to your S3 bucket as well.

jccampanero
  • 50,989
  • 3
  • 20
  • 49
0

You are using the older V1 API. The Service Client name for V1 is AmazonS3. Likewise, the V2 service client name is S3Client. Amazon strongly recommends moving to V2:

The AWS SDK for Java 2.x is a major rewrite of the version 1.x code base. It’s built on top of Java 8+ and adds several frequently requested features. These include support for non-blocking I/O and the ability to plug in a different HTTP implementation at run time.

Try following this step by step set of instructions, which is based on V2.

Get started with the AWS SDK for Java 2.x

WHen working with V2, you can put your creds in a file located in a .aws folder named credentials, as explained in this document. Once you follow all steps in this document, you can programmatically access an Amazon S3 bucket.

smac2020
  • 9,637
  • 4
  • 24
  • 38
  • Thank you for your idea . But I don't want to use the credentials file since I wanted to variabilize the access credentials based on the LDAP user. I tried the same with V2 (S3 Client) but received the same error. – Sachu Jul 05 '21 at 04:33