Reputation: 1255
We are playing around with the possibility to use signed objects to display content on a private web site. So using a private S3 bucket and then generating signed urls seems like a good way to go. However when using aws-cli I cannot get it to work, the request fails using wget, curl, and any browser I tried with. Am I missing something here, shouldn't the signed url just be able to use as any other normal url. Example:
# aws s3 presign s3://bucket-name/2018/01/17/small.mp4
https://bucket-name.s3.amazonaws.com/2018/01/17/small.mp4?AWSAccessKeyId=KEYID&Signature=oeU2mpPRhOYFW0MdLcxqrgriaB8%3D&Expires=1516204869
# curl "https://bucket-name.s3.amazonaws.com/2018/01/17/small.mp4?AWSAccessKeyId=KEYID&Signature=doUHXL3RPQGh%2FTuevT3%2FGkjantI%3D&Expires=1516204809"
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>31A6192716C4A86D</RequestId><HostId>urrlQ/hz2exkKJ19BuZ7o5kZVQwJexQUb3UvZV7t65erm/inZfDqIt2vpPHxmZ69J1JFnQcfTPc=</HostId></Error>%
It returns bad request (400).
Upvotes: 3
Views: 1252
Reputation: 1255
The problem was that I did not set the region when generating the signed url. Configure aws-cli with the region where the bucket is located solved the problem.
Upvotes: 5