moonorongo
6/16/2015 - 6:48 PM

Acceder a Amazon Services S3 , desde Java

Acceder a Amazon Services S3 , desde Java

amazon_s3
content_copyfile_download
            
http://localhost:9444/s3/private/canstockphoto20822965_comp.jpg?noAuth=true            
         
GET         
en amazon, para algo publico seria - al bucket "private"
private.s3.amazonaws.com/<archivo>
o tambien
s3.amazonaws.com/private/<archivo>

en s3ninja
http://localhost:9444/s3/private/<archivo>?noAuth=true            



cambiar publico/privado
Tengo que cambiar el ACL el objeto que quiero descargar

PUEDO HACERLO CON 
    Temporarily make an Object available to anyone

    A private object stored in S3 can be made publicly available for a limited time using a signed URL. The signed URL can be used by anyone to download the object, yet it includes a date and time after which the URL will no longer work.

    // Create a private object in S3.
    S3Bucket privateBucket = new S3Bucket("privateBucket");
    S3Object privateObject = new S3Object(
        privateBucket, "privateObject.txt", "This object is private");
    s3Service.createBucket(privateBucket);
    s3Service.putObject(privateBucket, privateObject);        

    // Determine what the time will be in 5 minutes.
    Calendar cal = Calendar.getInstance();
    cal.add(Calendar.MINUTE, 5);
    Date expiryDate = cal.getTime();
    Create a signed HTTP GET URL valid for 5 minutes. If you use the generated URL in a web browser within 5 minutes, you will be able to view the object's contents. After 5 minutes, the URL will no longer work and you will only see an Access Denied message.

    String signedUrl = s3Service.createSignedGetUrl(
        privateBucket.getName(), privateObject.getKey(), expiryDate, false);

    System.out.println("Signed URL: " + signedUrl);

MAS INFO
http://www.jets3t.org/toolkit/code-samples.html#gs-acl




TUTORIAL AMAZON S3

1) primero instancio un cliente

    // establezco las credenciales
    BasicAWSCredentials awsCreds = new BasicAWSCredentials(access_key_id, secret_access_key)
    // creo la instancia con las credenciales
    AmazonS3 s3Client = new AmazonS3Client(awsCreds);
    
    // selecciono la region
    // esto es solamente para que trabaje con el servicio mas cercano fisicamente... no creo que lo tengamos que especificar
    
    // AVANZADO: configuro la conexion
    // quiza pueda especificar un servidor local para poder trabajar... ver
      
    // clase que instancio, y le paso al cliente  
    // com.amazonaws.ClientConfiguration 
    // ClientConfiguration.setLocalAddress(java.net.InetAddress localAddress) // probar con getLocalAddress a ver que me da...
    
    // Excepciones
    AmazonServiceException: error que ocurrio en el server
    AmazonClientException: en el cliente
    IllegalArgumentException:  pasados mal los datos
    
    // logging
    http://docs.aws.amazon.com/AWSSdkDocsJava/latest//DeveloperGuide/java-dg-logging.html
    
    // Access
    // Creo un Statement, al que le especifico que permita a todos los usuarios obtener los recursos de myBucketName
    
    Statement allowPublicReadStatement = new Statement(Effect.Allow) // permito 
        .withPrincipals(Principal.AllUsers) // a todos los usuarios
        .withActions(S3Actions.GetObject) // obtener recursos
        .withResources(new S3ObjectResource(myBucketName, "*")); // todos
        
    
    // instancio la Policy con el Statement creado
    Policy policy = new Policy().withStatements(allowPublicReadStatement, restricn, kakaka,ollaa); 
    
    // le establezco al client la policy
    s3Client.setBucketPolicy(myBucketName, policy.toJson());
    
    
    agregado filtro ip y fecha..
    
    Statement ....
        .withConditions(
            new Condition()
            .withType("IpAddress") 
            .withConditionKey("aws:SourceIp") 
            .withValues("192.0.2.0/24", "203.0.113.0/24"),
            
            new Condition()
            .withType("DateLessThan")
            .withConditionKey("aws:CurrentTime")
            .withValues("2013-12-15T12:00:00Z") // ISO8601
        )
    
Mas info aca 
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html#Condition

    
    
    
    
    
    
    {
    "Version": "2012-10-17",
    "Id": "S3PolicyId1",
    "Statement": [
        {
            "Sid": "IPAllow",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::examplebucket/cartaporte123.pdf",
            "Condition" : {
            "DateLessThan": {
                "aws:CurrentTime" : "2013-08-16T15:00:00Z"
            },
           "IpAddress" : {
                "aws:SourceIp" : ["192.0.2.0/24", "203.0.113.0/24"]
      }     }
        }
    ]
} 
    
https://cartasporte.s3.amazonaws.com/50_9945130.pdf
    
vps: 107.170.14.224    
threads: 186.148.128.21    
    
    
* TESTEAR LA IMPLEMENTACION - SUBIR ALGUNAS CARTAS DE PORTE - PDF REALES DE EJEMPLO
AGREGAR EN GISTBOX GUIA AWS