sparrow

Trying to get a .NET S3 SDK application that puts to S3 successfully over the public internet working over Direct Connect

Our S3 application that worked over the internet has had issues working over Direct Connect.

We got the AWS command line working over Direct Connect. To do this we did need to add the endpoint-url used in the command to the hosts file.

The change we made so far in the .NET code is to set ServiceURL in AmazonS3Config to the interface endpoint to the S3 bucket, which is the same endpoint-url used in the AWS CLI call.

First, it failed with NameResolutionFailure, quoting the full path of the bucket across the endpoint.

We put that in the hosts file too (not needed for the AWS CLI).

Then it failed with a trust relationship failure.

We suspect it is using the bucket path to check the certificate rather than the endpoint path.

The code that was added for Direct Connect was

if (bucketServiceURL.Length > 0)
{
    S3Config.ServiceURL = bucketServiceURL;
}

and so the complete block with the change in was:

ThrowErrorIfNotInitialised(false);

iBucketNumber = BucketNumber;

Profile myProfile = new Profile(objConfiguration.Ourcredentials[BucketNumber]);

string strbucketRegion = objConfiguration.Ourregion[BucketNumber];

bucketServiceURL = objConfiguration.OurServiceURL[BucketNumber];

bucketName = objConfiguration.Ourbucket[BucketNumber];

TimeSpan webTimeout = objConfiguration.WebTimeoutForOps;
TimeSpan readWriteTimeout = objConfiguration.ReadWriteTimeout;

AmazonS3Config S3Config = new AmazonS3Config
{
    Timeout = webTimeout,
    ReadWriteTimeout = readWriteTimeout,
    Profile = myProfile
};

if (strbucketRegion.Length > 0)
{
    bucketRegion = RegionEndpoint.GetBySystemName(strbucketRegion);
    S3Config.RegionEndpoint = bucketRegion;
}
if (bucketServiceURL.Length > 0)
{
    S3Config.ServiceURL = bucketServiceURL;
}

client = new AmazonS3Client(S3Config);

bucketRegion was set to something for the successful run over the internet, whereas ServiceURL was set in the failed Direct Connect run.

Upvotes: 0


Answers (1)

sparrow

Having been stuck on this for 2 weeks, my project manager got many of my colleagues to brainstorm.

You need to import a certain Starfield certificate into your trust store.

From dev (connected over the internet) this gets imported automatically when you do a transfer.

In test (mimicking live with Direct Connect and no internet) you need to import the certificate manually.

Upvotes: 0
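
A diagnostic for the trust failure discussed in the question and answer above, added here as an example and not code from either post: it opens a TLS connection and prints whether validation failed on the host name or on the certificate chain, and which issuer the local trust store is missing. The class name `TlsTrustCheck` and the command-line host argument are assumptions; pass the exact name the SDK tried to resolve, then the bare endpoint name, and compare.

```csharp
// Added example (not from the posts). Usage: TlsTrustCheck <host-the-SDK-connects-to>
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsTrustCheck   // hypothetical name
{
    // Validation callback: explains the failure, never overrides it.
    static bool Report(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("Policy errors: " + errors);
        if (cert != null && (errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
        {
            // The requested name must match a subjectAltName entry (OID 2.5.29.17).
            X509Extension san = new X509Certificate2(cert).Extensions["2.5.29.17"];
            Console.WriteLine("Valid for: " + (san != null ? san.Format(false) : cert.Subject));
        }
        if (chain != null)
        {
            // UntrustedRoot/PartialChain: a CA is missing locally; the last issuer printed names it.
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("Chain status: " + s.Status + " " + (s.StatusInformation ?? "").Trim());
            foreach (X509ChainElement e in chain.ChainElements)
                Console.WriteLine("  subject: " + e.Certificate.Subject + "\n  issuer:  " + e.Certificate.Issuer);
        }
        return errors == SslPolicyErrors.None;   // accept only what the platform accepted
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: TlsTrustCheck <host>"); return 2; }
        try
        {
            using (var tcp = new TcpClient(args[0], 443))
            using (var tls = new SslStream(tcp.GetStream(), false, Report))
            {
                tls.AuthenticateAsClient(args[0]);   // name is checked against the certificate
                Console.WriteLine("Handshake OK: chain and name both validate on this machine");
                return 0;
            }
        }
        catch (Exception ex) when (ex is AuthenticationException || ex is IOException || ex is SocketException)
        {
            Console.WriteLine("Connection failed: " + ex.Message);
            return 1;
        }
    }
}
```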
