Writing to S3 bucket

I’m tearing my hair out trying to do a simple file copy to an S3 bucket.

S3 extension 0.9.4.122 is installed, Application.cfc includes:

<cfset this.s3.accesskeyid="#accesskey#">
<cfset this.s3.awssecretkey="#secretkey#">

My page includes the following tag:
<cffile action="copy" source="c:\temp\temp.txt" destination="s3:///#bucketname#/temp.txt">
And I get the error:
Can't copy file [c:\temp\temp.txt] to [s3:///[bucketname]/temp.txt]; Access Denied

I have an IAM user whose credentials I use above and the access key’s “Last used” time corresponds with the last time I ran my script. The user’s permission includes the AmazonS3FullAccess policy below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}

Is there something I have overlooked?

Thanks… Simon

OS: Windows 8
Java Version: Adopt 11.0.7
Tomcat Version: 9.0.35
Lucee Version: 5.3.7.47

I’ve no experience with S3. But is there any chance that this is a file permission issue with your c:\temp\temp.txt? Does Tomcat have file permissions to read it?

It doesn’t seem to be an issue with permissions reading the local file. There is no problem with:

<cffile action="copy" source="c:\temp\temp.txt" destination="c:\temp\temp1.txt">

Have you been able to read any data from your bucket? Are you receiving an Access Denied also then?

Thanks for the cues Andreas. No problems reading from any buckets.

The issue turned out to the Permissions on the bucket. You need to turn off the “Block public access to buckets and objects granted through new access control lists (ACLs)” option, which overrides any permissions you set up through IAM if you want to Write to a bucket. Interesting that you can still Read from a bucket with “Block all public access” enabled.

Simon

1 Like

I’ve just setup S3 to test this stuff around. Could do almost everything, just no file manipulation. I was just there getting this ( possibly same ) stack trace:

org.jets3t.service.S3Service.putObject(S3Service.java:2214)
  at org.lucee.extension.resource.s3.S3._write(S3.java:816)

Glad you were much quickier. By the way, thanks for posting back solution.

In IAM, if you select your user and click Security Credentials, does the Last Used time correspond with the last time you ran your script? If you are getting as far as the “putObject” call, I guess it does. If so, your script is able to log in and you need to check the policy (the one above works for me) and the “Block public access” settings in the Permissions tab for your bucket. Do you receive a similar “Access denied” error message?

My error was “Access Denied” with the whole error outputting my credentials, because I’ve just set up the mapping quick and easy in Web Admininistrator like shown in Michas Video https://www.youtube.com/watch?v=twQomRCbaCY. Had also no problems with reading files. But file writing seemed to be a problem. The first important 2 lines of the stack trace showed S3Service.putObject error, and after googling it was clear that it was some sort of IAM permission issue. Then I saw your post back. Didn’t look any further then, deleted my bucket and created IAM user/group. Going to experiment with it in more details at some time in the near future.