I am trying to enable server access logging for my newly created S3 buckets using the Java SDK.

I am not able to set the URI properly, I think. The error I am getting is: please give READ_ACP and WRITE permissions to the destination bucket.

I am not able to set any URI as an option in the S3Grantee, and I am also not able to set the owner.

Please have a look at my code. b2 is the actual bucket; destination-bucket is where I want to send the server logs.

        try {
            // Step 1 - Grant Log Delivery group permission to write log to the target
            // bucket.
            GrantPermissionsToWriteLogsAsync(s3client, b2);

            // Step 2 - Enable logging on the source bucket.
            EnableDisableLoggingAsync(s3client, b2);
        } catch (AmazonS3Exception e) {
            logger.error("Error encountered on server  " + e.getErrorMessage());
        } catch (Exception ex) {
            logger.error("Unknown encountered on server", ex.getMessage());
        }

    }

    private void EnableDisableLoggingAsync(AmazonS3 s3Client, Bucket b2) {
        // TODO Auto-generated method stub
        BucketLoggingConfiguration bucketLoggingConfiguration = new BucketLoggingConfiguration();
        bucketLoggingConfiguration.setDestinationBucketName("destination-bucket");
        bucketLoggingConfiguration.setLogFilePrefix("s3access/");

        SetBucketLoggingConfigurationRequest setBucketLoggingConfigurationRequest = new SetBucketLoggingConfigurationRequest(
                b2.getName(), bucketLoggingConfiguration);
        s3Client.setBucketLoggingConfiguration(setBucketLoggingConfigurationRequest);

    }

    private void GrantPermissionsToWriteLogsAsync(AmazonS3 s3Client, Bucket b2) {

        try {
            S3AccessControlList bucketACL = new S3AccessControlList();
            AccessControlList aclResponse = s3Client
                    .getBucketAcl((new GetBucketAclRequest("destination-bucket")));

            Owner owner = aclResponse.getOwner();
            // aclResponse.setOwner(owner);
            // bucketACL.setOwner(owner);
            // Create a collection of grants to add to the bucket.
            ArrayList<Grant> grantCollection = new ArrayList<Grant>();

            // Grant the LogDelivery group permission to write to the bucket.
            Grant grant2 = new Grant(GroupGrantee.LogDelivery, Permission.Write);
            grantCollection.add(grant2);

            Collection<S3Grant> grants = new ArrayList<S3Grant>();
            S3Grant grant1 = new S3Grant();
            grant1.withPermission(S3Permission.READ_ACP);
            S3Grantee grantee = new S3Grantee();
            grantee.setIdentifier("http://acs.amazonaws.com/groups/s3/LogDelivery");
            grant1.withGrantee(grantee);

            S3Grant grant3 = new S3Grant();
            grant3.withPermission(S3Permission.WRITE);
            S3Grantee grantee2 = new S3Grantee();
            grantee.setIdentifier("http://acs.amazonaws.com/groups/s3/LogDelivery");
            grant3.withGrantee(grantee2);

            grants.add(grant1);
            grants.add(grant3);

            bucketACL.setGrants(grants);
            // s3Client.setB
            // s3Client.setBucketAcl("destination-bucket", bucketACL);

            SetBucketAclRequest setBucketAclRequest = new SetBucketAclRequest("destination-bucket", aclResponse);

            s3Client.setBucketAcl(setBucketAclRequest);
        } catch (AmazonS3Exception ex) {
            logger.error("error :: " + ex.getMessage());
        }
    }

1 Answer

The issue is with your GrantPermissionsToWriteLogsAsync method. I'm not sure what you are doing, but it should be like this:

    private static void GrantPermissionsToWriteLogsAsync(AmazonS3 s3Client, Bucket b2) {

        try {
            AccessControlList bucketACL = s3Client.getBucketAcl((new GetBucketAclRequest(LOGGING_BUCKET)));

            // Grant the LogDelivery group permission to write to the bucket.
            Grant grant2 = new Grant(GroupGrantee.LogDelivery, Permission.Write);
            // Grant the LogDelivery group permission to read ACP to the bucket.
            Grant grant3 = new Grant(GroupGrantee.LogDelivery, Permission.ReadAcp);

            bucketACL.grantAllPermissions(grant2, grant3);

            SetBucketAclRequest setBucketAclRequest = new SetBucketAclRequest(LOGGING_BUCKET, bucketACL);

            s3Client.setBucketAcl(setBucketAclRequest);
        } catch (AmazonS3Exception ex) {
            logger.severe("error :: " + ex.getMessage());
        }
    }
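
A pre-flight check for the grants discussed above, as an added example that is not part of the answer or of the AWS SDK: it inspects an `AccessControlList` (such as the one `getBucketAcl` returns for the destination bucket) and reports which of the two LogDelivery permissions named in the error are still missing before `setBucketLoggingConfiguration` is called. The class and method names are hypothetical, and the ACL in `main` is constructed in memory, so no AWS call is made.

```java
import com.amazonaws.services.s3.model.AccessControlList;
import com.amazonaws.services.s3.model.Grant;
import com.amazonaws.services.s3.model.GroupGrantee;
import com.amazonaws.services.s3.model.Permission;

import java.util.EnumSet;
import java.util.Set;

// Hypothetical helper class (assumption, not SDK code); uses AWS SDK for Java v1 model types.
public class LogDeliveryAclCheck {

    /** Permissions the LogDelivery group still lacks on this ACL; an empty set means ready. */
    static Set<Permission> missingLogDeliveryPermissions(AccessControlList acl) {
        Set<Permission> missing = EnumSet.of(Permission.Write, Permission.ReadAcp);
        for (Grant grant : acl.getGrantsAsList()) {
            if (!GroupGrantee.LogDelivery.equals(grant.getGrantee())) {
                continue; // grant belongs to another grantee (owner, other group)
            }
            if (grant.getPermission() == Permission.FullControl) {
                missing.clear(); // FULL_CONTROL includes WRITE and READ_ACP
            } else {
                missing.remove(grant.getPermission());
            }
        }
        return missing;
    }

    public static void main(String[] args) {
        // Constructed ACL: the destination bucket when only WRITE has been granted.
        AccessControlList acl = new AccessControlList();
        acl.grantPermission(GroupGrantee.LogDelivery, Permission.Write);
        System.out.println("missing after WRITE only: " + missingLogDeliveryPermissions(acl));

        // Add the second grant the same way the answer does.
        acl.grantAllPermissions(new Grant(GroupGrantee.LogDelivery, Permission.ReadAcp));
        System.out.println("missing after both grants: " + missingLogDeliveryPermissions(acl));
    }
}
```

If the destination bucket uses the Bucket owner enforced setting for Object Ownership, ACLs are disabled and log delivery has to be allowed with a bucket policy for the `logging.s3.amazonaws.com` service principal instead of these grants.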