本文介绍了如何使用IAM账户的AccessKey和SecretAccessKey来认证并连接到AWS S3服务。详细步骤包括设置环境变量、Java系统属性、配置credentials文件以及在代码中直接提供凭证。此外,还展示了通过AWSSecurityTokenService获取临时证书的方法,以增强安全性。
最近听了一次亮哥他们AWS的首次session,中间稍微提到了一下IAM account的access key。没想到在项目中给别人code review的时候就接触到了,是针对AWS S3的。具体S3说明,见http://aws.amazon.com/s3/
Setting up project
1. AWS SDK for Java
com.amazonaws
aws-java-sdk
1.9.2
2. 使用一个IAM account,如果没有创建一个,获取到它的“Access key”和“Secret Access Key”。
Authenticate with Amazon S3
1. 使用Access Key进行验证
1) 环境变量Environment Variables – AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
2) Java System Properties – aws.accessKeyId and aws.secretKey.
3) 默认用户下profiles文件, ~/.aws/credentials
[default]
aws_access_key_id={YOUR_ACCESS_KEY_ID}
aws_secret_access_key={YOUR_SECRET_ACCESS_KEY}
[profile2]
...
4) 代码中直接填写
前三种使用验证链:
AmazonS3 s3Client = new AmazonS3Client();
//or
//The following line of code is effectively equivalent to the preceding example:
AmazonS3 s3Client = new AmazonS3Client(new DefaultAWSCredentialsProviderChain());
第四种:
AWSCredentials credentials = new BasicAWSCredentials("YourAccessKeyID", "YourSecretAccessKey");
AmazonS3 s3client = new AmazonS3Client(credentials);
2. 从AWS Security Token Service (AWS STS) 获取临时证书,见Document
SDK Example
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.util.List;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.Bucket;
import com.amazonaws.services.s3.model.CannedAccessControlList;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.S3ObjectSummary;
public class AmazonS3Example {
private static final String SUFFIX = "/";
public static void main(String[] args) {
// credentials object identifying user for authentication
// user must have AWSConnector and AmazonS3FullAccess for
// this example to work
AWSCredentials credentials = new BasicAWSCredentials(
"YourAccessKeyID",
"YourSecretAccessKey");
// create a client connection based on credentials
AmazonS3 s3client = new AmazonS3Client(credentials);
// create bucket - name must be unique for all S3 users
String bucketName = "javatutorial-net-example-bucket";
s3client.createBucket(bucketName);
// list buckets
for (Bucket bucket : s3client.listBuckets()) {
System.out.println(" - " + bucket.getName());
}
// create folder into bucket
String folderName = "testfolder";
createFolder(bucketName, folderName, s3client);
// upload file to folder and set it to public
String fileName = folderName + SUFFIX + "testvideo.mp4";
s3client.putObject(new PutObjectRequest(bucketName, fileName,
new File("C:\\Users\\user\\Desktop\\testvideo.mp4"))
.withCannedAcl(CannedAccessControlList.PublicRead));
deleteFolder(bucketName, folderName, s3client);
// deletes bucket
s3client.deleteBucket(bucketName);
}
public static void createFolder(String bucketName, String folderName, AmazonS3 client) {
// create meta-data for your folder and set content-length to 0
ObjectMetadata metadata = new ObjectMetadata();
metadata.setContentLength(0);
// create empty content
InputStream emptyContent = new ByteArrayInputStream(new byte[0]);
// create a PutObjectRequest passing the folder name suffixed by /
PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName,
folderName + SUFFIX, emptyContent, metadata);
// send request to S3 to create folder
client.putObject(putObjectRequest);
}
/**
* This method first deletes all the files in given folder and than the
* folder itself
*/
public static void deleteFolder(String bucketName, String folderName, AmazonS3 client) {
List fileList =
client.listObjects(bucketName, folderName).getObjectSummaries();
for (S3ObjectSummary file : fileList) {
client.deleteObject(bucketName, file.getKey());
}
client.deleteObject(bucketName, folderName);
}
}
扫一扫
1004
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
