CODEWITHSUNDEEP
javasslamazon-s3pre-signed-url
Bernie Lenz
Bernie Lenz

Reputation: 2146

Java amazonS3.generatePresignedUrl - How to configure https://s3.amazonaws.com/mycompany instead of https://mycompany.s3.amazonaws.com/com.mycompany

We are using presigned s3 urls to provide web access to images stored in s3.

The java code we are using to generate the presigned urls is similar to below

String accessKey = ...;
String secretKey = ...;
String region = ...;
com.amazonaws.HttpMethod awsHttpMethod = ...;
String bucketName = ...;
String objectKey = ...;
Date expirationDate = ...;

BasicAWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
AmazonS3 s3Client = AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(creds)).withRegion(region).build();
GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName, objectKey);
generatePresignedUrlRequest.setMethod(awsHttpMethod);
generatePresignedUrlRequest.setExpiration(expirationDate);
URL url = s3Client.generatePresignedUrl(generatePresignedUrlRequest);

The url that is generated by the code looks similar to

https://com.mycompany.personalpictures.s3.amazonaws.com/picture123.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20170623T150540Z&X-Amz-SignedHeaders=host&X-Amz-Expires=59&X-Amz-Credential=AKIAIVLB4ANK6B45G3IA%2F20170623%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d25d407ee8efa76f339388ec93579a19be8eaead9663d6d378cf2ec6d9d9cac2

However since our bucket naming standard contains dots, a call to above URL results in a SSL: no alternative certificate subject name matches target host name 'com.mycompany.personalpictures.s3.amazonaws.com' error

I read in this post that the root cause is the dots in the bucket name and that using https://s3.amazonaws.com/com.mycompany.personalpictures/picture123.png should circumvent the problem.

How can I generate presigned urls using the url format https://s3.amazonaws.com/mybucket/myfile?

Upvotes: 0

Views: 1306

Answers (1)

Bernie Lenz
Bernie Lenz

Reputation: 2146

Figured it out...

Needed to use .enablePathStyleAccess() when creating the s3 client. With that the code line now is

AmazonS3 s3Client = AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(creds)).withRegion(region).enablePathStyleAccess().build();

Upvotes: 2

Related Questions