Call S3 pre-signed URL with postman

Question

I am attempting to use a pre-signed URL to upload as described in the docs (https://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html) I can retrieve the pre-signed URL but when I attempt to do a PUT in Postman, I receive the following error:

<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>

Obviously, the way my put call is structured doesn't match with the way AWS is calculating the signature. I can't find a lot of information on what this put call requires.

I've attempted to modify the header for Content-Type to multipart/form-data and application/octet-stream. I've also tried to untick the headers section in postman and rely on the body type for both form-data and binary settings where I select the file. The form-data setting results in the following added to the call:

Content-Disposition: form-data; name="thefiletosend.txt"; filename="thefiletosend.txt

In addition, I noticed that postman is including what it calls "temporary headers" as follows:

Host: s3.amazonaws.com Content-Type: text/plain User-Agent: PostmanRuntime/7.13.0 Accept: / Cache-Control: no-cache Postman-Token: e11d1ef0-8156-4ca7-9317-9f4d22daf6c5,2135bc0e-1285-4438-bb8e-b21d31dc36db Host: s3.amazonaws.com accept-encoding: gzip, deflate content-length: 14 Connection: keep-alive cache-control: no-cache

The Content-Type header may be one of the issues, but I'm not certain how to exclude these "temporary headers" in postman.

I am generating the pre-signed URL in a lambda as follows:

    public string FunctionHandler(Input input, ILambdaContext context)
    { 
        _logger = context.Logger;
        _key = input.key;
        _bucketname = input.bucketname;

        string signedURL = _s3Client.GetPreSignedURL(new GetPreSignedUrlRequest()
        {
            Verb = HttpVerb.PUT ,
            Protocol = Protocol.HTTPS,
            BucketName = _bucketname,
            Key = _key,
            Expires = DateTime.Now.AddMinutes(5)
        });

        returnObj returnVal = new returnObj() { url = signedURL };

        return JsonConvert.SerializeObject(returnVal);

    }

Answer 1

This worked for me by changing to generate_presigned_post(). Response provided the form fields needed for postman submission as form data.

Answer 2

I was facing the same problem and below is how it worked for me.

Note, I am making signed URL by using AWS S3 Java SDK as my backend is in Java. I gave content type as "application/octet-stream" while creating this signed Url so that any type of content can be uploaded. Below is my java code generating signed url.

public String createS3SignedURLUpload(String bucketName, String objectKey) {
        try {
            PutObjectRequest objectRequest = PutObjectRequest.builder().bucket(bucketName).key(objectKey)
                    .contentType("**application/octet-stream**").build();
            S3Presigner presigner = S3Presigner.builder().region(s3bucketRegions.get(bucketName))
                    .credentialsProvider(StaticCredentialsProvider.create(awsBasicCredentials)).build();
            PutObjectPresignRequest presignRequest = PutObjectPresignRequest.builder()
                    .signatureDuration(Duration.ofMinutes(presignedURLTimeoutInMins)).putObjectRequest(objectRequest)
                    .build();
            PresignedPutObjectRequest presignedRequest = presigner.presignPutObject(presignRequest);
            return presignedRequest.url().toString();
        } catch (Exception e) {
            throw new CustomRuntimeException(e.getMessage());
        }
    }

## Now to upload file using Postman

1. Set the generated url as endpoint
2. Select PUT request,
3. Body -> binary -> Select file
4. Set header Content-Type as application/octet-stream (This point I was missing earlier)

Answer 3

It's actually depends in how you generated URL,

If you generated using JAVA,

1. Set the generated url as endpoint
2. Select PUT request,
3. Body -> binary -> Select file

If you generated using PYTHON,

1. Create a POST request, and use form-data to enter in all the fields you got back, with exactly the same field names you got back in the signedURL shown above.
2. Do not set the content type, however. Then add one more key named “file”:

Refer the accepted answer picture

Answer 4

Your pre-signed url should be like https://bucket-name.s3.region.amazonaws.com/folder/filename.jpg?AWSAccessKeyId=XXX&Content-Type=image%2Fjpeg&Expires=XXX&Signature=XXX

You can upload to S3 with postman by

Set above url as endpoint Select PUT request, Body -> binary -> Select file

Answer 5

Your pre-signed url should be like https://bucket-name.s3.region.amazonaws.com/folder/filename.jpg?AWSAccessKeyId=XXX&Content-Type=image%2Fjpeg&Expires=XXX&Signature=XXX

You can upload to S3 with postman by

1. Set above url as endpoint
2. Select PUT request,
3. Body -> binary -> Select file

Answer 6

I was able to get this working in Postman using a POST request. Here are the details of what worked for me. When I call my lambda to get a presigned URL here is the json that comes back (after I masked sensitive and app-specific information):

{
    "attachmentName": "MySecondAttachment.docx",
    "url": "https://my-s3-bucket.s3.amazonaws.com/",
    "fields": {
        "acl": "public-read",
        "Content-Type": "multipart/form-data",
        "key": "attachment-upload/R271645/65397746_MySecondAttachment.docx",
        "x-amz-algorithm": "AWS4-HMAC-SHA256",
        "x-amz-credential": "WWWWWWWW/20200318/us-east-1/s3/aws4_request",
        "x-amz-date": "20200318T133309Z",
        "x-amz-security-token": "XXXXXXXX",
        "policy": "YYYYYYYY",
        "x-amz-signature": "ZZZZZZZZ"
    }
}

In Postman, create a POST request, and use “form-data” to enter in all the fields you got back, with exactly the same field names you got back in the signedURL shown above. Do not set the content type, however. Then add one more key named “file”:

To the right of the word file if you click the drop-down you can browse to your file and attach it:

In case it helps, I’m using a lambda written in python to generate a presigned URL so a user can upload an attachment. The code looks like this:

signedURL = self.s3.generate_presigned_post(
    Bucket= "my-s3-bucket",
    Key=putkey,
    Fields = {"acl": "public-read", "Content-Type": "multipart/form-data"},
    ExpiresIn = 15,
    Conditions = [
        {"acl": "public-read"},
        ["content-length-range", 1, 5120000]
        ]
    )

Hope this helps.