0

My C++ program must access both public and private AWS buckets. The public buckets don’t belong to me so when the program tries to access them and my credentials are visible I get the following type errors:

Aws::S3::S3Errors::INVALID_ACCESS_KEY_ID    

"InvalidAccessKeyId"    

"The AWS Access Key Id you provided does not exist in our records."

If I manually hide my credentials like this

mv ~/.aws/credentials ~/.aws/credentials-hidden

before running the program I can successfully list and get the public objects. But then, the program can't access my private buckets.

I’ve searched S3Client and ClientConfiguration for some option to disable and re-enable credentials checks but haven’t found it.

Please tell me how this is done.

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
jox58
  • 65
  • 1
  • 6
  • I'm not familiar with cpp at all, but this maybe the way to go. http://sdk.amazonaws.com/cpp/api/LATEST/class_aws_1_1_client_1_1_a_w_s_null_signer.html#af27021dfddc9152d0e19db478bc2d592 – jellycsc Jul 20 '21 at 14:52
  • This sounds a little like the `--no-sign-request` option of the AWS CLI, but I don't know how to force it in a normal API call. The error message is very strange, because it should simply reject with a 403 rather than denying knowledge of the Access Key. I suggest you experiment with the AWS CLI to narrow-in on what might be happening, then implement your findings in your C++ code. – John Rotenstein Jul 21 '21 at 03:10

1 Answers1

0

I found a solution. To access public buckets without hiding my ~/.aws/credentials file I can create an S3Client with empty credentials.

Aws::Auth::AWSCredentials empty_credentials { };
Aws::S3::S3Client s3_client { empty_credentials, config };
jox58
  • 65
  • 1
  • 6