Amazon web services 尝试使用java SDK获取Bucket对象列表时，Amazon访问被拒绝_Amazon Web Services_Amazon S3_Amazon Iam

Amazon web services 尝试使用java SDK获取Bucket对象列表时，Amazon访问被拒绝

amazon-web-services amazon-s3

Amazon web services 尝试使用java SDK获取Bucket对象列表时，Amazon访问被拒绝,amazon-web-services,amazon-s3,amazon-iam,Amazon Web Services,Amazon S3,Amazon Iam,我正在使用AmazonS3上传/下载视频。我可以上传任何视频，但我无法在bucket中列出我的视频，因为我遇到以下错误： 03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: Caught an AmazonServiceException, which means your request made it to Amazon S3, but was rejected with an error response for some reaso

我正在使用AmazonS3上传/下载视频。我可以上传任何视频，但我无法在bucket中列出我的视频，因为我遇到以下错误：

03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: Caught an AmazonServiceException, which means your request made it to Amazon S3, but was rejected with an error response for some reason.
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: Error Message:    Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 4AEF68CB2979FBB9)
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: HTTP Status Code: 403
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: AWS Error Code:   AccessDenied
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: Error Type:       Client
03-30 11:51:06.911 28577-28734/com.video.apps3 I/CCC: Request ID:       4AEF68CB2979FBB9

我有这样一个简单的结构：

All Buckets/ myvideos/
  video1.mp4
  video2.mp4
  Other.mp4

我的政策是：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::myvideos/*"
            ]
        }
    ]
}

所以我可以上传视频到它，但我不能列出里面的元素

这是我用来列出对象的一段代码

try {
    ListObjectsRequest listObjectsRequest = new ListObjectsRequest()
            .withBucketName(MY_BUCKET)
            .withPrefix("")
            .withDelimiter("/");
    ObjectListing objectListing;
    do {
        objectListing = s3Client.listObjects(listObjectsRequest);
        for (S3ObjectSummary objectSummary :
                objectListing.getObjectSummaries()) {
            Log.i("CCC", " - " + objectSummary.getKey() + "  " +
                    "(size = " + objectSummary.getSize() +
                    ")");
        }
        listObjectsRequest.setMarker(objectListing.getNextMarker());
    } while (objectListing.isTruncated());
} catch (AmazonServiceException ase) {
    Log.i("CCC", "Caught an AmazonServiceException, " +
            "which means your request made it " +
            "to Amazon S3, but was rejected with an error response " +
            "for some reason.");    
    Log.i("CCC", "Error Message:    " + ase.getMessage());
    Log.i("CCC", "HTTP Status Code: " + ase.getStatusCode());
    Log.i("CCC", "AWS Error Code:   " + ase.getErrorCode());
    Log.i("CCC", "Error Type:       " + ase.getErrorType());
    Log.i("CCC", "Request ID:       " + ase.getRequestId());
} catch (AmazonClientException ace) {
    Log.i("CCC", "Caught an AmazonClientException, " +
            "which means the client encountered " +
            "an internal error while trying to communicate" +
            " with S3, " +
            "such as not being able to access the network.");
    Log.i("CCC", "Error Message: " + ace.getMessage());
}

我不知道我还需要做什么？如何可能使用相同的访问权限S3允许我上传但拒绝列表

更新1：代码我用的是：

CognitoCachingCredentialsProvider credentialsProvider = 
    new CognitoCachingCredentialsProvider(
                context,
                IDENTITY_POOL_ID,
                MY_REGION
        );

AmazonS3  s3Client = new AmazonS3Client(credentialsProvider);

s3Client.setRegion(Region.getRegion(MY_REGION));

所以我试着用这个：

AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
AmazonS3 s3Client = new AmazonS3Client(credentials);

好的，它起作用了。但是我想允许没有登录的用户访问视频。我不想使用我的accessKey和secretKey

列出存储桶的内容，请将此添加到策略中

{
    "Effect": "Allow",
    "Action": [
         "s3:ListBucket"
     ],
    "Resource": [
          "arn:aws:s3:::myvideos/*"
     ]
}

要列出存储桶的内容，请将其添加到策略中

{
    "Effect": "Allow",
    "Action": [
         "s3:ListBucket"
     ],
    "Resource": [
          "arn:aws:s3:::myvideos/*"
     ]
}

您需要为ListBucket操作授予对bucket的访问权限。在您的策略中，您授予对bucket

myvideos

中文件的访问权，但不授予bucket本身的访问权。尝试以下策略：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::myvideos",
                "arn:aws:s3:::myvideos/*"
            ]
        }
    ]
}

您需要为ListBucket操作授予对bucket的访问权。在您的策略中，您授予对bucket

myvideos

中文件的访问权，但不授予bucket本身的访问权。尝试以下策略：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::myvideos",
                "arn:aws:s3:::myvideos/*"
            ]
        }
    ]
}

尝试扩展策略以包括存储桶本身：

“资源”：[“arn:aws:s3:：：myvideos/*，“arn:aws:s3:：：myvideos”]

。尝试扩展策略以包括存储桶本身：

“资源”：[“arn:aws:s3:：：myvideos/*，“arn:aws:s3:：：myvideos”]

。