kristofer / S3 Access (java, Python)

This is both the Python code to access an S3 bucket and the IAM policy JSON for the bucket permissions. An IAM policy JSON that you can attach to your AWS account to grant the necessary permissions for S3 bucket access: ## IAM Policy JSON for S3 Bucket Access ```json { "Version": "2012-10-17", "Statement": [ { "Sid": "ListBucketPermission", "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": "arn:aws:s3:::your-bucket-name" }, { "Sid": "ObjectLevelPermissions", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:GetObjectAcl" ], "Resource": "arn:aws:s3:::your-bucket-name/*" } ] } ``` ## Setup Instructions ### 1. Install Required Python Package ```bash pip install boto3 ``` ### 2. Configure AWS Credentials You have several options to configure AWS credentials: **Option A: AWS CLI Configuration** ```bash aws configure ``` **Option B: Environment Variables** ```bash export AWS_ACCESS_KEY_ID=your_access_key export AWS_SECRET_ACCESS_KEY=your_secret_key export AWS_DEFAULT_REGION=us-east-1 ``` **Option C: IAM Role (if running on EC2)** Attach an IAM role with the above policy to your EC2 instance. ### 3. Apply the IAM Policy Replace `your-bucket-name` in the policy JSON with your actual bucket name, then: 1. **For IAM User**: Go to IAM → Users → Select your user → Permissions → Add permissions → Create policy → JSON tab → Paste the policy 2. **For IAM Role**: Go to IAM → Roles → Select your role → Permissions → Add permissions → Create policy → JSON tab → Paste the policy ### 4. Usage Replace `BUCKET_NAME` in the Python code with your actual bucket name and run the script. ## Policy Permission Breakdown - **`s3:ListBucket`**: Allows listing objects in the bucket - **`s3:GetObject`**: Allows downloading/reading objects - **`s3:PutObject`**: Allows uploading objects - **`s3:DeleteObject`**: Allows deleting objects - **`s3:GetObjectAcl`**: Allows reading object ACLs (needed for some presigned URL operations) ## Security Notes - The policy grants access only to the specified bucket - For production use, consider adding IP restrictions or MFA requirements - You can restrict access to specific folder paths by modifying the `Resource` ARN (e.g., `arn:aws:s3:::your-bucket-name/specific-folder/*`) This setup will give you full programmatic access to your S3 bucket with the Python code provided!

import boto3 from botocore.exceptions import ClientError, NoCredentialsError import os from pathlib import Path class S3BucketManager: def __init__(self, bucket_name, region_name='us-east-1'): """ Initialize S3 client and set bucket name Args: bucket_name (str): Name of the S3 bucket region_name (str): AWS region name (default: us-east-1) """ self.bucket_name = bucket_name self.region_name = region_name try: # Initialize S3 client self.s3_client = boto3.client('s3', region_name=region_name) self.s3_resource = boto3.resource('s3', region_name=region_name) self.bucket = self.s3_resource.Bucket(bucket_name) except NoCredentialsError: print("Error: AWS credentials not found. Please configure your credentials.") raise except Exception as e: print(f"Error initializing S3 client: {e}") raise def list_objects(self, prefix=''): """ List all objects in the bucket with optional prefix filter Args: prefix (str): Optional prefix to filter objects Returns: list: List of object keys """ try: objects = [] paginator = self.s3_client.get_paginator('list_objects_v2') pages = paginator.paginate(Bucket=self.bucket_name, Prefix=prefix) for page in pages: if 'Contents' in page: for obj in page['Contents']: objects.append({ 'key': obj['Key'], 'size': obj['Size'], 'last_modified': obj['LastModified'] }) return objects except ClientError as e: print(f"Error listing objects: {e}") return [] def upload_file(self, local_file_path, s3_key=None): """ Upload a file to S3 bucket Args: local_file_path (str): Path to local file s3_key (str): S3 object key (if None, uses filename) Returns: bool: True if successful, False otherwise """ if s3_key is None: s3_key = Path(local_file_path).name try: self.s3_client.upload_file(local_file_path, self.bucket_name, s3_key) print(f"Successfully uploaded {local_file_path} to s3://{self.bucket_name}/{s3_key}") return True except FileNotFoundError: print(f"Error: File {local_file_path} not found") return False except ClientError as e: print(f"Error uploading file: {e}") return False def download_file(self, s3_key, local_file_path): """ Download a file from S3 bucket Args: s3_key (str): S3 object key local_file_path (str): Local path to save file Returns: bool: True if successful, False otherwise """ try: self.s3_client.download_file(self.bucket_name, s3_key, local_file_path) print(f"Successfully downloaded s3://{self.bucket_name}/{s3_key} to {local_file_path}") return True except ClientError as e: print(f"Error downloading file: {e}") return False def delete_object(self, s3_key): """ Delete an object from S3 bucket Args: s3_key (str): S3 object key to delete Returns: bool: True if successful, False otherwise """ try: self.s3_client.delete_object(Bucket=self.bucket_name, Key=s3_key) print(f"Successfully deleted s3://{self.bucket_name}/{s3_key}") return True except ClientError as e: print(f"Error deleting object: {e}") return False def get_object_url(self, s3_key, expiration=3600): """ Generate a presigned URL for an S3 object Args: s3_key (str): S3 object key expiration (int): URL expiration time in seconds (default: 1 hour) Returns: str: Presigned URL or None if error """ try: url = self.s3_client.generate_presigned_url( 'get_object', Params={'Bucket': self.bucket_name, 'Key': s3_key}, ExpiresIn=expiration ) return url except ClientError as e: print(f"Error generating presigned URL: {e}") return None def object_exists(self, s3_key): """ Check if an object exists in the bucket Args: s3_key (str): S3 object key Returns: bool: True if object exists, False otherwise """ try: self.s3_client.head_object(Bucket=self.bucket_name, Key=s3_key) return True except ClientError as e: if e.response['Error']['Code'] == '404': return False else: print(f"Error checking object existence: {e}") return False # Example usage if __name__ == "__main__": # Replace with your bucket name BUCKET_NAME = "your-bucket-name" REGION = "us-east-1" # Replace with your region # Initialize S3 manager s3_manager = S3BucketManager(BUCKET_NAME, REGION) # List objects in bucket print("Objects in bucket:") objects = s3_manager.list_objects() for obj in objects: print(f" {obj['key']} ({obj['size']} bytes)") # Example operations (uncomment to use): # Upload a file # s3_manager.upload_file("local_file.txt", "folder/remote_file.txt") # Download a file # s3_manager.download_file("folder/remote_file.txt", "downloaded_file.txt") # Check if object exists # if s3_manager.object_exists("folder/remote_file.txt"): # print("Object exists!") # Generate presigned URL # url = s3_manager.get_object_url("folder/remote_file.txt", expiration=7200) # print(f"Presigned URL: {url}") # Delete an object # s3_manager.delete_object("folder/remote_file.txt")

import com.amazonaws.services.s3.AmazonS3; import com.amazonaws.services.s3.AmazonS3ClientBuilder; import com.amazonaws.services.s3.model.*; import java.io.File; public class S3Examples { private final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); // Create an S3 bucket public void createBucket(String bucketName) { s3.createBucket(bucketName); } // Upload an object to S3 public void uploadObject(String bucketName, String key, File file) { s3.putObject(bucketName, key, file); } // Download an object from S3 public void downloadObject(String bucketName, String key, File file) { s3.getObject(new GetObjectRequest(bucketName, key), file); } // List objects in a bucket public ObjectListing listObjects(String bucketName) { return s3.listObjects(bucketName); } // Generate pre-signed URL to share an S3 object public URL generatePresignedUrl(String bucketName, String key) { Date expiration = new Date(); long expTimeMillis = expiration.getTime(); expTimeMillis += 1000 * 60 * 60; // Add 1 hour. expiration.setTime(expTimeMillis); GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName, key) .withMethod(HttpMethod.GET) .withExpiration(expiration); return s3.generatePresignedUrl(generatePresignedUrlRequest); } } // The key steps are: // 1. Create an S3Client object to interact with S3 // 2. Call createBucket() to create a new S3 bucket // 3. Upload objects using putObject(), specifying bucket name, key, and file // 4. Download objects using getObject(), specifying bucket name, key, and target file // 5. List objects in a bucket using listObjects() // 6. Generate a pre-signed URL using generatePresignedUrl() by specifying bucket, // key, expiration date, and HTTP method. // The pre-signed URL allows temporary access to private S3 objects without requiring AWS credentials. // The URL is only valid until the specified expiration date/time.

import boto3 from botocore.exceptions import ClientError s3 = boto3.client('s3') # Create a bucket bucket_name = 'my-bucket' location = {'LocationConstraint':'us-east-1'} s3.create_bucket(Bucket=bucket_name, CreateBucketConfiguration=location) # Upload an object to bucket filename = 'data.csv' object_name = 'data/data.csv' s3.upload_file(filename, bucket_name, object_name) # List objects in bucket response = s3.list_objects(Bucket=bucket_name) for object in response['Contents']: print(object['Key']) # Download an object s3.download_file(bucket_name, object_name, 'data_download.csv') # Generate pre-signed URL to share an object url = s3.generate_presigned_url( ClientMethod='get_object', Params={'Bucket': bucket_name, 'Key': object_name}, ExpiresIn=3600) print(url) # This creates an S3 bucket, uploads a local CSV file to the bucket under object name 'data/data.csv', # lists all objects in the bucket, downloads the object to a local file, and generates a pre-signed URL # that allows temporary access to download the object for anyone with the URL. # The pre-signed URL expires after 3600 seconds (1 hour).