I want to hang the image on S3 on Amazon Rekognition via AWS CLI.

Asked 2 years ago, Updated 2 years ago, 71 views

Through AWS CLI, I would like to throw the image placed on S3 to Amazon Rekognition for DetectText, but the error does not work.

aws recognition detect-text -- image "S3Object={Bucket=mybucket,Name=text.jpg}" -- region ap-northeast-1

If you enter the above command at a command prompt or at a powershell (with administrator privileges), you will receive an error similar to the following:

Error occurred (InvalidS3 ObjectException) when calling the DetectText operation: Unable to get object metadata from S3.Check object key, region and/or access permissions.

From the error point of view, I think it may be caused by the bucket policy of IAM or S3, but I don't know what's wrong (what's missing).
Could you please let me know the cause, other points that need to be set, and how to resolve them?

Environment:
 ·OS: Windows 10 (under proxy environment)I'm using cntlm to move the local proxy up and down.)
 ·Region: ap-northeast-1 (Confirmed that both CLI settings and S3 are Tokyo regions)
 ·AWS CLI: Access Key, Secret Access Key, Region, Output Configured
 ·IAM: The user's access rights are as follows
   - AmazonS3 FullAccess
   - AmazonRecognitionFullAccess
 ·S3: The bucket policy is as follows (excerpt from Statement only).

"Statement":[
    {
        "Sid": "XXXXXXXXXXXXXXX",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [
            "arn:aws:s3::mybucket",
            "arn:aws:s3::mybucket/*"
        ],

Note:
 ·The S3 to be operated can be accessed via Lambda and can be recognized by Recognition.Also, we have verified that we can operate in S3 through the CLI.
 ·Recognition commands that do not use S3 (as shown below) work without errors.

example:aws recognition create-collection --collection-id testcollection

I would appreciate your help.

aws amazon-s3 aws-cli

2022-09-30 17:43

2 Answers

Bucket policies are configured, but no policies are required for accounts with the same aws.
Is S3 owned by another account by any chance?

Even if you own a different account, you can access it, but in that case, you had to specify an account that you could explicitly access to the principal.Alternatively, you can specify it from the bucket access permissions > access control list.
If it's a different account, why don't you make sure you can test and run it on the same account?


2022-09-30 17:43

The same error message occurs even if the permissions are correct or if the s3 object does not exist.
For example,

awss3cps3://mybuket/test.jpg.

Why don't you try and see if you can download it correctly as ?


2022-09-30 17:43

If you have any answers or tips


© 2024 OneMinuteCode. All rights reserved.