
So I have a service that is going to delete an entity from the database. That entity includes a file document that was uploaded to AWS. When the delete-entity API gets hit, the service will also run this method to delete the file from AWS. I have already defined the secret and access key in my application properties:

    public void deleteFile(String fileName) {
        amazonS3.deleteObject(bucketName, fileName);
    }

The error I get:

Oct 28 11:59:29 minikube-new peniti-dttot[366642]: 2023-10-28 11:59:29.366 ERROR 366642 --- [nio-8087-exec-2] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 4MNTSWM4R9MG9AZX; S3 Extended Request ID: /YPsvV5/L+tAsv2fCawNAvbIYf4VvMHkkNRfAGqY6U4DOMELHh/x2b/UXV/7ogfVC6uVQdCtCtQ=; Proxy: null), S3 Extended Request ID: /YPsvV5/L+tAsv2fCawNAvbIYf4VvMHkkNRfAGqY6U4DOMELHh/x2b/UXV/7ogfVC6uVQdCtCtQ=] with root cause
Oct 28 11:59:29 minikube-new peniti-dttot[366642]: com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 4MNTSWM4R9MG9AZX; S3 Extended Request ID: /YPsvV5/L+tAsv2fCawNAvbIYf4VvMHkkNRfAGqY6U4DOMELHh/x2b/UXV/7ogfVC6uVQdCtCtQ=; Proxy: null)

I’ll be thankful if anyone can help me 🙂

I’m expecting that the file already on AWS will get deleted when the API gets hit.

2 Answers


  1. First of all you need to make sure the role being used has adequate S3 permissions, for example:

    {
       "Version":"2012-10-17",
       "Statement":[
          {
             "Effect":"Allow",
             "Action": "s3:ListAllMyBuckets",
             "Resource":"*"
          },
          {
             "Effect":"Allow",
             "Action":["s3:ListBucket","s3:GetBucketLocation"],
             "Resource":"arn:aws:s3:::DOC-EXAMPLE-BUCKET1"
          },
          {
             "Effect":"Allow",
             "Action":[
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:DeleteObject"
             ],
             "Resource":"arn:aws:s3:::DOC-EXAMPLE-BUCKET1/*"
          }
       ]
    }
    

    Next, you’ll want to be sure the bucketName which you provide is exactly what you think it is.

    And finally, check that the bucket doesn’t have a resource policy which has a deny which may be blocking you.

  2. You are using an outdated AWS S3 Java API V1 version. This is not best practice. AWS recommends that you use AWS SDK for Java V2.

    Dev Guide here:

    Developer Guide – AWS SDK for Java 2.x

    The S3 Java API easily lets you delete objects (and perform other S3 operations) within a Spring Boot app. You can delete an object using this V2 code:

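    import java.util.ArrayList;

    import software.amazon.awssdk.services.s3.S3Client;
    import software.amazon.awssdk.services.s3.model.Delete;
    import software.amazon.awssdk.services.s3.model.DeleteObjectsRequest;
    import software.amazon.awssdk.services.s3.model.ObjectIdentifier;
    import software.amazon.awssdk.services.s3.model.S3Exception;

    // Deletes one object from the bucket using the batch DeleteObjects call.
    public static void deleteBucketObjects(S3Client s3, String bucketName, String objectName) {

        // Keys to delete; here just the one object.
        ArrayList<ObjectIdentifier> toDelete = new ArrayList<>();
        toDelete.add(ObjectIdentifier.builder()
            .key(objectName)
            .build());

        try {
            DeleteObjectsRequest dor = DeleteObjectsRequest.builder()
                .bucket(bucketName)
                .delete(Delete.builder()
                    .objects(toDelete)
                    .build())
                .build();

            s3.deleteObjects(dor);

        } catch (S3Exception e) {
            // Print the error message returned by S3 and stop.
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }

        System.out.println("Done!");
    }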
    

    Also make sure that the creds you are using have permission to delete S3 objects. The Access Denied exception suggests there is a permission issue.

    The following topic in the AWS code library walks you through creating a Spring Boot app that uses the AWS SDK for Java V2. It creates a Photo app.

    Detect objects in images with Amazon Rekognition using an AWS SDK

    In summary:

    1. Use the AWS Java V2 API which is best practice.
    2. Make sure that you have S3 permissions that modify S3 objects.
    3. Set up a Spring Boot app to properly use AWS SDK for Java v2.
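Both answers come down to checking whether `s3:DeleteObject` is actually permitted on the exact object ARN. The following is an added example, not code from either answer or from AWS: a simplified offline check of policy JSON for the three causes listed in the first answer (missing Allow, wrong bucket name, explicit Deny in a bucket policy). The names `check_delete`, `ROLE` and `DENY_DELETES` are hypothetical, and it assumes a same-account request while ignoring `Principal`, `Condition`, `NotAction`/`NotResource`, SCPs and permission boundaries.

```python
import re

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _glob(pattern, value):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.DOTALL) is not None

def _covers(stmt, action, resource):
    # Action names compare case-insensitively; resource ARNs do not.
    acts, ress = _as_list(stmt.get("Action", [])), _as_list(stmt.get("Resource", []))
    return (any(_glob(a.lower(), action.lower()) for a in acts)
            and any(_glob(r, resource) for r in ress))

def check_delete(identity_policy, bucket_policy, bucket, key):
    """Return (allowed, reason) for s3:DeleteObject on bucket/key."""
    action, resource = "s3:DeleteObject", f"arn:aws:s3:::{bucket}/{key}"
    sources = [("identity policy", identity_policy)]
    if bucket_policy:
        sources.append(("bucket policy", bucket_policy))
    allowed = False
    for name, doc in sources:
        for stmt in _as_list(doc["Statement"]):
            if not _covers(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":  # an explicit Deny always wins
                return False, f"explicit Deny in {name}"
            # Assumption: only identity-policy Allows are counted.
            allowed = allowed or name == "identity policy"
    if allowed:
        return True, "allowed by identity policy"
    return False, f"implicit deny: no Allow covers {action} on {resource}"

# Constructed sample input: a role policy modelled on the first answer, and a
# hypothetical bucket policy that denies every delete.
ROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET1"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET1/*"}]}
DENY_DELETES = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "s3:Delete*",
     "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET1/*"}]}

if __name__ == "__main__":
    for bp, bucket in [(None, "DOC-EXAMPLE-BUCKET1"), (None, "DOC-EXAMPLE-BUCKET2"),
                       (DENY_DELETES, "DOC-EXAMPLE-BUCKET1")]:
        print(bucket, check_delete(ROLE, bp, bucket, "docs/a.pdf"))
```

A policy whose only `Resource` is the bucket ARN without `/*` also ends in the implicit-deny branch, because `s3:DeleteObject` is evaluated against the object ARN.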