AWS S3 upload without access and secret key in Java
Solution 1
You can use the below Java code to get the s3client
instance when you are trying to connect to S3 bucket from EC2 instance.
AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
.withCredentials(new InstanceProfileCredentialsProvider(false))
.build();
This is the recommended way as the application doesn't require to maintain the access keys in property files.
- IAM role should be created and S3 access should be provided for that role. See the sample policy below.
- The IAM role should be assigned to the EC2 instance
Sample policy for IAM role:-
{
"Action": ["s3:PutObject",
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject"],
"Resource": ["arn:aws:s3:::yourBucketName",
"arn:aws:s3:::yourBucketName/*"],
"Effect": "Allow",
"Sid": "AllowBucketLinux"
}
Solution 2
As per documentation AWS credentials provider chain that looks for credentials in this order :
- Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
- Java System Properties - aws.accessKeyId and aws.secretKey
- Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
- Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable,
- Instance profile credentials delivered through the Amazon EC2 metadata service
Check you have specify valid credentials in any of above.
Ref : http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html
Sudipto Das
Updated on June 15, 2022Comments
-
Sudipto Das almost 2 years
I want to upload a file to S3 without using my access and secret key from
AWS
server. AWS keys should be taken as default. However running the below command in server I can access it without providing any access and secret keys.aws s3 cp somefile.txt s3://somebucket/
From java code its not accessible since it was unable to load credentials. Below is my code.
AmazonS3 s3client = new AmazonS3Client(new DefaultAWSCredentialsProviderChain());
-
vamsiampolu over 6 yearsthe version of the API v1.11.22 does not have a builder API for S3. How can I do it in that case? Please take a look at my question stackoverflow.com/questions/47763573/…