Python:亚马逊S3无法得到桶:403 Forbidden说

时间:2022-04-30 10:44:36

I have a bucket for my organization in Amazon S3 which looks like mydev.orgname

我在Amazon S3中为我的组织提供了一个桶,它看起来像mydev.orgname

  • I have a Java application that can connect to Amazon S3 with the credentials and can connect to S3, create, read files

    我有一个Java应用程序,可以使用凭据连接到Amazon S3,并可以连接到S3,创建,读取文件

  • I have a requirement where a application reads the data from Python from same bucket. So I am using boto for this.

    我有一个要求,即应用程序从同一个存储桶中读取Python中的数据。所以我正在使用boto。

I do the following in oder to get the bucket

我在oder中执行以下操作以获取存储桶

>>> import boto
>>> from boto.s3.connection import S3Connection
>>> from boto.s3.key import Key
>>> 
>>> conn = S3Connection('xxxxxxxxxxx', 'yyyyyyyyyyyyyyyyyyyyyy')
>>> conn
S3Connection:s3.amazonaws.com

Now when I try to get bucket I see error

现在,当我尝试获取存储桶时,我发现错误

>>> b = conn.get_bucket('mydev.myorg')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Library/Python/2.7/site-packages/boto/s3/connection.py", line 389, in get_bucket
    bucket.get_all_keys(headers, maxkeys=0)
  File "/Library/Python/2.7/site-packages/boto/s3/bucket.py", line 367, in get_all_keys
    '', headers, **params)
  File "/Library/Python/2.7/site-packages/boto/s3/bucket.py", line 334, in _get_all
    response.status, response.reason, body)
boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EEC05E43AF3E00F3</RequestId><HostId>v7HHmhJaLLQJZYkZ7sL4nqvJDS9yfrhfKQCgh4i8Tx+QsxKaub50OPiYrh3JjQbJ</HostId></Error>

But from the Java application everything seems to work.

但是从Java应用程序开始,一切似乎都有效。

Am I doing anything wrong here?

我在这做错了吗?

3 个解决方案

#1


35  

Giving the user a "stronger role" is not the correct solution. This is simply a problem with boto library usage. Clearly, you don't need extra permissions when using Java S3 library.

赋予用户“更强大的作用”并不是正确的解决方案。这只是boto库使用的问题。显然,使用Java S3库时不需要额外的权限。

Correct way to use boto in this case is:

在这种情况下使用boto的正确方法是:

b = conn.get_bucket('my-bucket', validate=False)
k = b.get_key('my/cool/object.txt') # will send HEAD request to S3
...

Basically, boto by default (which is a mistake on their part IMHO), assumes you want to interact with S3 bucket. Granted, sometimes you do want that, but then you should use credentials that have permissions for S3 bucket operations. But a more popular use case is to interact with S3 objects, and in this case you don't need any special bucket-level permissions, hence the use of validate=False kwarg.

基本上,boto默认情况下(这是他们的错误恕我直言),假设您想要与S3存储桶交互。当然,有时您确实需要,但是您应该使用具有S3存储桶操作权限的凭据。但更常用的用例是与S3对象进行交互,在这种情况下,您不需要任何特殊的桶级权限,因此使用validate = False kwarg。

#2


2  

this answer work for me :)

这个答案对我有用:)

I did

我做到了

  • S3 bucket policy setting
  • S3存储桶策略设置
  • time setting
  • 时间设定
  • bucket = conn.get_bucket(BUCKET_NAME, validate=False)
  • bucket = conn.get_bucket(BUCKET_NAME,validate = False)

#3


0  

After giving my "User" much stronger role, this error was gone. Means User given the permission to get_bucket

在赋予我的“用户”更强大的作用后,这个错误就消失了。意味着用户获得了get_bucket的许可

#1


35  

Giving the user a "stronger role" is not the correct solution. This is simply a problem with boto library usage. Clearly, you don't need extra permissions when using Java S3 library.

赋予用户“更强大的作用”并不是正确的解决方案。这只是boto库使用的问题。显然,使用Java S3库时不需要额外的权限。

Correct way to use boto in this case is:

在这种情况下使用boto的正确方法是:

b = conn.get_bucket('my-bucket', validate=False)
k = b.get_key('my/cool/object.txt') # will send HEAD request to S3
...

Basically, boto by default (which is a mistake on their part IMHO), assumes you want to interact with S3 bucket. Granted, sometimes you do want that, but then you should use credentials that have permissions for S3 bucket operations. But a more popular use case is to interact with S3 objects, and in this case you don't need any special bucket-level permissions, hence the use of validate=False kwarg.

基本上,boto默认情况下(这是他们的错误恕我直言),假设您想要与S3存储桶交互。当然,有时您确实需要,但是您应该使用具有S3存储桶操作权限的凭据。但更常用的用例是与S3对象进行交互,在这种情况下,您不需要任何特殊的桶级权限,因此使用validate = False kwarg。

#2


2  

this answer work for me :)

这个答案对我有用:)

I did

我做到了

  • S3 bucket policy setting
  • S3存储桶策略设置
  • time setting
  • 时间设定
  • bucket = conn.get_bucket(BUCKET_NAME, validate=False)
  • bucket = conn.get_bucket(BUCKET_NAME,validate = False)

#3


0  

After giving my "User" much stronger role, this error was gone. Means User given the permission to get_bucket

在赋予我的“用户”更强大的作用后,这个错误就消失了。意味着用户获得了get_bucket的许可