Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Presigned URL resolves in a SignatureDoesNotMatch
See original GitHub issueDescribe the issue
Hi, I have functionalities in our web application to upload and download a certain configuration file (xml). The upload works. But we want to enforce the download by using a presigned URL that is valid for 5 minutes.
When using that url we receive a SignatureDoesNotMatch.
Steps to Reproduce
Code to upload a configuration file:
public Boolean uploadConfiguration(Part file) throws IOException {
String bucketName = System.getenv("AWS_BUCKET");
PutObjectRequest request = PutObjectRequest.builder()
.bucket(bucketName)
.key("BeFirstConfiguration.xml")
.build();
PutObjectResponse response = s3Client.putObject(request, RequestBody.fromBytes(file.getInputStream().readAllBytes()));
return StringUtils.isNotEmpty(response.eTag());
}
Code to receive a presigned URL:
String bucketName = System.getenv("AWS_BUCKET");
GetObjectRequest getUrlRequest = GetObjectRequest.builder()
.bucket(bucketName)
.key("BeFirstConfiguration.xml")
.build();
GetObjectPresignRequest getObjectPresignRequest = GetObjectPresignRequest.builder()
.getObjectRequest(getUrlRequest)
.signatureDuration(Duration.ofMinutes(10))
.build();
PresignedGetObjectRequest request = s3Presigner.presignGetObject(getObjectPresignRequest);
log.info("Generating pre-signed URL.");
return request.url().toString();
JavaConfig configuration
public S3Configuration s3Configuration() {
return S3Configuration.builder().build();
}
@Bean
public S3Presigner s3Presigner() {
return S3Presigner.builder()
.region(Region.EU_WEST_1)
.serviceConfiguration(s3Configuration())
.build();
}
@Bean
public S3Client s3Client() {
return S3Client.create();
}
Current Behavior
After using that presigned url we get an SignatureDoesNotMatch.
Your Environment
- AWS Java SDK version used: 2.15.31
- JDK version used: openjdk:11 (docker image based on openjdk:11-jre-slim)
- Operating System and version: Amazon Linux
Any ideas or help pls? Been stuck here for a while now.
kind regards
Issue Analytics
- State:
- Created 3 years ago
- Comments:19 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
hi @debora-ito I try to have a look this week and let you know. Thanks for this info!
kind regards
Hmm, not sure whether we can help much. However there’s one thing I can think of:
Internally we use private VPC Endpoints for S3 (and DynamoDB). So maybe that’s conflicting. Can you specify which endpoint to use in your signing code?
For example with the AWS CLI that’s possible:
aws s3 presign --endpoint-url https://s3.eu-west-1.amazonaws.com s3://MY_BUCKET_NAME/MY_FILE.pdf --region eu-west-1