Reputation: 1
aws cost and usage report throws s3 permission error
I am trying to generate AWS cost and usage report via Java SDK. Below is my code block for the same.
credentials = new ProfileCredentialsProvider("default").getCredentials();
AWSCostAndUsageReportClientBuilder reportBuilder = AWSCostAndUsageReportClientBuilder.standard();
AWSCostAndUsageReportClient costAndUsageReport = (AWSCostAndUsageReportClient) reportBuilder
.withCredentials(new AWSStaticCredentialsProvider(credentials))
.withRegion("us-east-1")
.build();
ReportDefinition reptDefinition = new ReportDefinition();
reptDefinition.setReportName("ChandraReport123");
reptDefinition.setTimeUnit("DAILY");
reptDefinition.setCompression("ZIP");
ArrayList addidtionSchemaElements = new ArrayList();
addidtionSchemaElements.add("RESOURCES");
reptDefinition.setAdditionalSchemaElements(addidtionSchemaElements);
reptDefinition.setS3Bucket("etho-onnu22");
reptDefinition.setS3Prefix("someprefix");
reptDefinition.setS3Region("us-east-1");
reptDefinition.setFormat("textORcsv");
request.setReportDefinition(reptDefinition);
PutReportDefinitionResult reportResult = costAndUsageReport.putReportDefinition(request);
Am getting below exception while executing the code -
Exception in thread "main" com.amazonaws.services.costandusagereport.model.ValidationException: Failed to verify customer bucket permission. accountId= xxxxxxx72184, bucket name: etho-onnu22, bucket region: us-east-1 (Service: AWSCostAndUsageReport; Status Code: 400; Error Code: ValidationException; Request ID: xxxxxxx) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1630) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1302) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1056) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667) at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
Am able to upload objects to same s3 folder via s3 api. Any help or pointer is much appreciated. Thanks
Upvotes: 0
Views: 2718
Answers (1)
Reputation: 179314
AWS account 386209384616 (which is a static constant, the account number that AWS always uses to deliver these reports) must have permission to write to the bucket, via the bucket policy.
See Getting Started, Step 2 in the AWS Billing and Cost Management
User Guide (Version 2.0). An example bucket policy is provided there. You should change the bucket name in that policy to your bucket, but don't change the account number. It is always 386209384616.
Upvotes: 1
Related Questions
- AWS S3 ACL Permissions
- AWS S3 Java SDK - Access Denied
- AWS Cost Explorer - stopping s3 reports
- aws s3 write permissions - access deined
- s3 Bucket Policies Access Denied
- AWS S3 Logs: AccessDenied
- AWS bucket policy- permission denied
- AWS S3 403 Access Denied from EC2 instance
- AWS S3 file access logs
- getting permission denied in amazon aws