pjotr_dolphin

Reputation: 1255

AWS S3 signed object fails to GET

We are playing around with the possibility of using signed objects to display content on a private web site. So using a private S3 bucket and then generating signed URLs seems like a good way to go. However, when using aws-cli I cannot get it to work; the request fails using wget, curl, and any browser I tried. Am I missing something here? Shouldn't the signed URL be usable like any other normal URL? Example:

# aws s3 presign s3://bucket-name/2018/01/17/small.mp4
https://bucket-name.s3.amazonaws.com/2018/01/17/small.mp4?AWSAccessKeyId=KEYID&Signature=oeU2mpPRhOYFW0MdLcxqrgriaB8%3D&Expires=1516204869

# curl "https://bucket-name.s3.amazonaws.com/2018/01/17/small.mp4?AWSAccessKeyId=KEYID&Signature=doUHXL3RPQGh%2FTuevT3%2FGkjantI%3D&Expires=1516204809"
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>31A6192716C4A86D</RequestId><HostId>urrlQ/hz2exkKJ19BuZ7o5kZVQwJexQUb3UvZV7t65erm/inZfDqIt2vpPHxmZ69J1JFnQcfTPc=</HostId></Error>%

It returns bad request (400).

Upvotes: 3

Views: 1252

Answers (1)

pjotr_dolphin

Reputation: 1255

The problem was that I did not set the region when generating the signed URL. Configuring aws-cli with the region where the bucket is located solved the problem.

Upvotes: 5
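A check for the failure described in this thread, as an added example that is not part of the original posts: the URL in the question carries the older `AWSAccessKeyId`/`Signature`/`Expires` query parameters, while the error demands `AWS4-HMAC-SHA256`, whose presigned URLs name their region inside `X-Amz-Credential`. The function names, the SigV4 sample URL and the region `eu-central-1` are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Query parameters that identify each presigned-URL signing scheme.
V2_PARAMS = {"AWSAccessKeyId", "Signature", "Expires"}
V4_PARAMS = {"X-Amz-Algorithm", "X-Amz-Credential", "X-Amz-Date",
             "X-Amz-Expires", "X-Amz-SignedHeaders", "X-Amz-Signature"}

def inspect_presigned_url(url):
    """Return (scheme, region) for a presigned S3 URL (hypothetical helper)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    names = set(query)
    if V4_PARAMS <= names:
        # Scope layout: <access-key>/<yyyymmdd>/<region>/<service>/aws4_request
        scope = query["X-Amz-Credential"][0].split("/")
        if len(scope) != 5 or scope[4] != "aws4_request":
            return ("malformed-sigv4", None)
        return ("sigv4", scope[2])
    if V2_PARAMS <= names:
        # Legacy scheme: no region is encoded anywhere in the URL.
        return ("sigv2", None)
    return ("unsigned-or-unknown", None)

def signed_for_region(url, bucket_region):
    """True only if the URL is SigV4 and signed for the bucket's region."""
    scheme, region = inspect_presigned_url(url)
    return scheme == "sigv4" and region == bucket_region

# URL as posted in the question (legacy parameter set).
V2_URL = ("https://bucket-name.s3.amazonaws.com/2018/01/17/small.mp4"
          "?AWSAccessKeyId=KEYID&Signature=oeU2mpPRhOYFW0MdLcxqrgriaB8%3D"
          "&Expires=1516204869")

# Constructed SigV4 sample; every value below is a placeholder.
V4_URL = ("https://bucket-name.s3.eu-central-1.amazonaws.com/2018/01/17/small.mp4"
          "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
          "&X-Amz-Credential=KEYID%2F20180117%2Feu-central-1%2Fs3%2Faws4_request"
          "&X-Amz-Date=20180117T150000Z&X-Amz-Expires=3600"
          "&X-Amz-SignedHeaders=host&X-Amz-Signature=PLACEHOLDER")

if __name__ == "__main__":
    for label, url in (("question URL", V2_URL), ("constructed SigV4 URL", V4_URL)):
        print(label, inspect_presigned_url(url),
              "ok for eu-central-1:", signed_for_region(url, "eu-central-1"))
```
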
