pjotr_dolphin
Reputation: 1255
AWS S3 signed object fails to GET
We are playing around with the possibility to use signed objects to display content on a private web site. So using a private S3 bucket and then generating signed urls seems like a good way to go. However when using aws-cli I cannot get it to work, the request fails using wget, curl, and any browser I tried with. Am I missing something here, shouldn't the signed url just be able to use as any other normal url. Example:
# aws s3 presign s3://bucket-name/2018/01/17/small.mp4
https://bucket-name.s3.amazonaws.com/2018/01/17/small.mp4?AWSAccessKeyId=KEYID&Signature=oeU2mpPRhOYFW0MdLcxqrgriaB8%3D&Expires=1516204869
# curl "https://bucket-name.s3.amazonaws.com/2018/01/17/small.mp4?AWSAccessKeyId=KEYID&Signature=doUHXL3RPQGh%2FTuevT3%2FGkjantI%3D&Expires=1516204809"
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>31A6192716C4A86D</RequestId><HostId>urrlQ/hz2exkKJ19BuZ7o5kZVQwJexQUb3UvZV7t65erm/inZfDqIt2vpPHxmZ69J1JFnQcfTPc=</HostId></Error>%
It returns bad request (400).
Upvotes: 3
Views: 1252
Answers (1)
pjotr_dolphin
Reputation: 1255
The problem was that I did not set the region when generating the signed url. Configure aws-cli with the region where the bucket is located solved the problem.
Upvotes: 5
Related Questions
- S3 SignedURL fails
- Amazon S3 & C# Signature does not match error
- Amazon S3 Signature Does Not Match - AWS SDK Java
- Amazon S3 signing works however it gets forbidden
- AWS S3 object failed to fetch
- Amazon S3: Strange Error -' Sometimes' SignatureDoesNotMatch, sometimes it does
- Fetching AWS S3 Object using Presigned URL "SignatureDoesNotMatch"
- Failed to upload a object to S3 using signed URL
- AWS S3 GET Request with Query Parameters throws Forbidden (403) with SignatureDoesNotMatch
- GetPreSignedUrlRequest - SignatureDoesNotMatch