I am trying to upload files from android studio to AWS S3 Bucket. I have created a new AWS account. This seems to be validation/Authorization Code issue. Can someone please help in figuring out the root cause for this and how can this be solved ?
我正在尝试将文件从android studio上传到AWS S3 Bucket。我创建了一个新的AWS账户。这似乎是验证/授权代码问题。有人可以帮助找出问题的根本原因以及如何解决这个问题?
Please Let me know if any more detail is required.
如果需要更多细节,请告诉我。
Thanks,
Bucket Policy:
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::mybucket/*"
}
]
}
Warning in Debug Log:
调试日志中的警告:
D/CognitoCachingCredentialsProvider﹕ Loading credentials from SharedPreferences
D/CognitoCachingCredentialsProvider﹕ No valid credentials found in SharedPreferences
I/AmazonHttpClient﹕ Unable to execute HTTP request: Read timed out
java.net.SocketTimeoutException: Read timed out
at com.android.org.conscrypt.NativeCrypto.SSL_read(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:674)
at com.android.okio.Okio$2.read(Okio.java:113)
at com.android.okio.RealBufferedSource.indexOf(RealBufferedSource.java:147)
at com.android.okio.RealBufferedSource.readUtf8LineStrict(RealBufferedSource.java:94)
at com.android.okhttp.internal.http.HttpConnection.readResponse(HttpConnection.java:175)
at com.android.okhttp.internal.http.HttpTransport.readResponseHeaders(HttpTransport.java:101)
at com.android.okhttp.internal.http.HttpEngine.readResponse(HttpEngine.java:616)
at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:379)
at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:323)
at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponseMessage(HttpURLConnectionImpl.java:487)
at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.getResponseMessage(DelegatingHttpsURLConnection.java:109)
at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getResponseMessage(HttpsURLConnectionImpl.java:25)
at com.amazonaws.http.UrlHttpClient.execute(UrlHttpClient.java:62)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:353)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:196)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4234)
at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1644)
at com.amazonaws.mobileconnectors.s3.transfermanager.internal.UploadCallable.uploadInOneChunk(UploadCallable.java:134)
at com.amazonaws.mobileconnectors.s3.transfermanager.internal.UploadCallable.call(UploadCallable.java:126)
at com.amazonaws.mobileconnectors.s3.transfermanager.internal.UploadMonitor.upload(UploadMonitor.java:182)
at com.amazonaws.mobileconnectors.s3.transfermanager.internal.UploadMonitor.call(UploadMonitor.java:140)
at com.amazonaws.mobileconnectors.s3.transfermanager.internal.UploadMonitor.call(UploadMonitor.java:54)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
Code:
// Variables Values:
private static final String AWS_ACCOUNT_ID = "078xxxxxxx91";
private static final String COGNITO_POOL_ID = "eu-west-1:9xxxxx16-4xx2-4xxa-axx1-44cxxxxxxxf5";
private static final String COGNITO_ROLE_UNAUTH = "arn:aws:iam::078xxxxxxx91:role/Cognito_ABCUnauth_Role";
private static final String BUCKET_NAME = "mybucket";
private void uploadImagesToServer() {
Thread thread = new Thread(new Runnable() {
@Override
public void run() {
try {
AWSCredentialsProvider credProvider = null;
credProvider = getCredProvider(credProvider, getApplicationContext());
TransferManager transferManager = new TransferManager(credProvider);
for(int i=0; i<imagesPath.size(); i++) {
File file = new File(imagesPath.get(i));
String fileName = file.getName();
Upload upload = transferManager.upload(BUCKET_NAME, fileName, file);
}
} catch (Exception e) {
e.printStackTrace();
}
}
});
thread.start();
}
public static AWSCredentialsProvider getCredProvider(AWSCredentialsProvider sCredProvider,
Context appContext) {
if(sCredProvider == null) {
sCredProvider = new CognitoCachingCredentialsProvider(
appContext,
AWS_ACCOUNT_ID, COGNITO_POOL_ID, COGNITO_ROLE_UNAUTH,
null, Regions.EU_WEST_1);
sCredProvider.refresh();
}
return sCredProvider;
}
1 个解决方案
#1
The log shows Request ARN is invalid. It's because COGNITO_ROLE_UNAUTH is an empty string. Please get the role arn from IAM, or copy the sample code from console.
日志显示请求ARN无效。这是因为COGNITO_ROLE_UNAUTH是一个空字符串。请从IAM获取角色arn,或从控制台复制示例代码。
Then you see Not authorized to perform sts:AssumeRoleWithWebIdentity exception. This happens when the credentials provider makes a request to STS to assume the role you specified for session credentials, but your role isn't set to trust Cognito.
然后你看到没有授权执行sts:AssumeRoleWithWebIdentity异常。如果凭据提供程序向STS发出请求以承担您为会话凭据指定的角色,但您的角色未设置为信任Cognito,则会发生这种情况。
Judging by its name, the role was created by you rather than one that is generated by Cognito in the console. I believe you forget to the trust relationship. Go to IAM console, edit the role, scroll all the way down, and click edit Trust Relationships. Make sure you have something like the following (replace pool id with your Cognito identity pool id).
根据其名称判断,角色是由您创建的,而不是由Cognito在控制台中生成的角色。我相信你忘记了信任关系。转到IAM控制台,编辑角色,完全向下滚动,然后单击“编辑信任关系”。确保您具有以下内容(将池ID替换为您的Cognito标识池ID)。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Federated": "cognito-identity.amazonaws.com"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"cognito-identity.amazonaws.com:aud": "us-east-1:<pool_id>"
},
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "unauthenticated"
}
}
}
]
}
#1
The log shows Request ARN is invalid. It's because COGNITO_ROLE_UNAUTH is an empty string. Please get the role arn from IAM, or copy the sample code from console.
日志显示请求ARN无效。这是因为COGNITO_ROLE_UNAUTH是一个空字符串。请从IAM获取角色arn,或从控制台复制示例代码。
Then you see Not authorized to perform sts:AssumeRoleWithWebIdentity exception. This happens when the credentials provider makes a request to STS to assume the role you specified for session credentials, but your role isn't set to trust Cognito.
然后你看到没有授权执行sts:AssumeRoleWithWebIdentity异常。如果凭据提供程序向STS发出请求以承担您为会话凭据指定的角色,但您的角色未设置为信任Cognito,则会发生这种情况。
Judging by its name, the role was created by you rather than one that is generated by Cognito in the console. I believe you forget to the trust relationship. Go to IAM console, edit the role, scroll all the way down, and click edit Trust Relationships. Make sure you have something like the following (replace pool id with your Cognito identity pool id).
根据其名称判断,角色是由您创建的,而不是由Cognito在控制台中生成的角色。我相信你忘记了信任关系。转到IAM控制台,编辑角色,完全向下滚动,然后单击“编辑信任关系”。确保您具有以下内容(将池ID替换为您的Cognito标识池ID)。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Federated": "cognito-identity.amazonaws.com"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"cognito-identity.amazonaws.com:aud": "us-east-1:<pool_id>"
},
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "unauthenticated"
}
}
}
]
}