403 - AccessDenied while enumerating objects on a service running on an AWS EC2 instance
I have an EC2 instance running with an IAM role attached to it.
If I run the following on the terminal of that instance, it displays the bucket contents correctly.
aws s3 ls --region my-region s3://my-bucket-name
But if I run what I think it is the same code but in Java I get 403
AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
.withRegion(my-region)
.withCredentials(new InstanceProfileCredentialsProvider(false))
.withPayloadSigningEnabled(true)
.build();
s3Client.listObjectsV2(my-bucket-name);
Creates the following
com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied
The same goes for the original listObjects
s3Client.listObjects(TestArtefactsBucket);
Since I am using InstanceProfileCredentialsProvider it must be the same profile used by the CLI, so use the same permissions?
I am using com.amazonaws: aws-java-sdk-s3: 1.11.93 and since it was mentioned in another thread, I am using joda-time: joda-time: 2.9.7.
Java version is java-1.8.0-openjdk.x86_64.
Any help would be appreciated, I am convinced that the permissions are configured correctly, but I am unable to access.
I should also add that I can list the contents of the bucket that the cli command is running on on the EC2 instance as
aws s3api list-objects-v2 --region my-region --bucket my-bucket
thank
source to share
First, you must check your IAM role [access key and secret] which is used for the API.
If the [Access Key and Private Key] is ok and you face the same problem, you need to check the IAM role policy, install S3 Full Access. This access permission is very important, and most of the time, this permission setting resolves the access denied issue. Hope this works for you.
Still not working? Then check the bucket policy, which can read and write objects to the bucket.
source to share