Reputation: 505
I am running into issues when generating a signed URL for a public S3 bucket. I get the issue when doing a PUT request:
<Error><Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
A bit of information - I am using:
node
version 5.8aws-sdk
version 2.7.10I use the aws-sdk
like this:
AWS.config.update({
accessKeyId: ACCESS_KEY,
secretAccessKey: SECRET_ACCESS_KEY,
region: 'eu-west-1'
})
const s3 = new AWS.S3()
I generate the URL this way:
const params = {
Key: FILE_KEY,
Bucket: BUCKET_NAME,
ContentType: image/jpeg,
Expires: 60,
ACL: 'public-read',
Metadata: {
'Cache-Control': 'max-age=31556926'
}
}
const signedUrl = s3.getSignedUrl('putObject', params)
The generated URL looks like this:
https://companyxyz.s3-eu-west-1.amazonaws.com/
image/5843df4a15c6fccf4501cab9.jpg?
AWSAccessKeyId=xxxxxxxxxx&
Content-Type=image%2Fjpeg&
Expires=1480843142&
Signature=YvUEGntDLVUUuyVuDMxF5yXXBnI%3D
&x-amz-acl=public-read&
x-amz-meta-cache-control=max-age%3D31556926
Upvotes: 0
Views: 1304
Reputation: 7199
It could be related to sig v2 and sig v4
From the documentation here: http://docs.aws.amazon.com/general/latest/gr/signature-version-2.html and here http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
notice that in sig v4,
https://s3.amazonaws.com/examplebucket/test.txt
?X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=<your-access-key-id>/20130721/us-east-1/s3/aws4_request
your access-key-id is part of X-Amz-Credential
while for sig v2
https://elasticmapreduce.amazonaws.com?
&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
AWSAccessKeyId has its own paramater.
Your example shows that you are using sig v2
http://docs.aws.amazon.com/general/latest/gr/signature-version-2.html also mentions that some regions do not support sig v2
EU (Frankfurt) Region EU (London) Region
EU (Frankfurt) is eu-central-1 which is strange, because it sig v2 should not work in eu-central-1.
Upvotes: 1
Reputation: 505
I resolved the issue by changing region
. I created a new bucket in eu-central-1
and everything worked. No matter what, I was not able to generate a working signed URL for eu-west-1
.
Would love to hear any insights.
Upvotes: 0