Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

AuthorizationHeaderMalformed when using S3 with VPCE

See original GitHub issue

Type: Bug

Component: S3

Describe the bug When using a VPCE endpoint the region detection is not working correctly. I also tried to override the region by setting it with cloud.aws.s3.region, but this is ignored anyway. This might be an issue in the AmazonS3ClientFactory of spring-cloud-aws-core-2.4.1.jar, because here the region is derived from the host or if not matching the AmazonS3URI is used to get the region. The property is not read here. Is there any configuration which is not applied correctly?

Sample

pom.xml:

        <dependencyManagement>
          <dependencies>
            <dependency>
                <groupId>io.awspring.cloud</groupId>
                <artifactId>spring-cloud-aws-dependencies</artifactId>
                <version>2.4.1</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
          </dependencies>
        </dependencyManagement>

        <dependency>
            <groupId>io.awspring.cloud</groupId>
            <artifactId>spring-cloud-starter-aws</artifactId>
        </dependency>

application.yml (note: the endpoint has been modified and is no existing)

cloud:
  aws:
    s3:
      endpoint: https://bucket.vpce-0xx72x6xxx5d2842x-5icphead.s3.eu-central-1.vpce.amazonaws.com
      region: eu-central-1
    stack:
      auto: false
    region:
      static: eu-central-1
    credentials:
      accessKey: ...
      secretKey: ...

Error:

"Error while reading resources from path: s3://mybucket/subpath/*.gz","context":"default","exception":"com.amazonaws.services.s3.model.AmazonS3Exception: The authorization header is malformed; the region 'vpce' is wrong; expecting 'eu-central-1' (Service: Amazon S3; Status Code: 400; Error Code: AuthorizationHeaderMalformed; Request ID: <rid>; S3 Extended Request ID: <id>; Proxy: <proxy>)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1862)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1415)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1384)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1154)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:811)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:779)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:753)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:713)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:695)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:559)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:539)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:5453)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:5400)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:5394)
at com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:928)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at io.awspring.cloud.core.io.s3.AmazonS3ProxyFactory$SimpleStorageRedirectInterceptor.invoke(AmazonS3ProxyFactory.java:118)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
at com.sun.proxy.$Proxy135.listObjects(Unknown Source)
at io.awspring.cloud.core.io.s3.PathMatchingSimpleStorageResourcePatternResolver.findProgressivelyWithPartialMatch(PathMatchingSimpleStorageResourcePatternResolver.java:228)
at io.awspring.cloud.core.io.s3.PathMatchingSimpleStorageResourcePatternResolver.findPathMatchingKeyInBucket(PathMatchingSimpleStorageResourcePatternResolver.java:177)
at io.awspring.cloud.core.io.s3.PathMatchingSimpleStorageResourcePatternResolver.findPathMatchingKeys(PathMatchingSimpleStorageResourcePatternResolver.java:146)
at io.awspring.cloud.core.io.s3.PathMatchingSimpleStorageResourcePatternResolver.findPathMatchingResources(PathMatchingSimpleStorageResourcePatternResolver.java:136)
at io.awspring.cloud.core.io.s3.PathMatchingSimpleStorageResourcePatternResolver.getResources(PathMatchingSimpleStorageResourcePatternResolver.java:102)

Thanks in advance.

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:7 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
klopfdrehcommented, Oct 12, 2022

Migrated to 3.0.0-M2 and it is working like expected! 👍 Thanks!

1reaction
klopfdrehcommented, May 19, 2022

Thanks a lot for the hints! 👍

Read more comments on GitHub >

github_iconTop Results From Across the Web

S3 bucket Authorization Header Malformed · Issue #58 - GitHub
I'm a knucklehead; I was incorrectly passing the bucket variable name to the module, so it was trying to use the default name...
Read more >
Troubleshoot connecting to Amazon S3 from VPC endpoints
I'm using a gateway endpoint to connect to an Amazon Simple Storage Service (Amazon S3) bucket from an Amazon Elastic Compute Cloud (Amazon...
Read more >
Unknown issue with Elastic snapshots - Elasticsearch
I run several ec2 Elastic clusters in AWS, all being backed up by snapshot to aws s3. I have recently created two new...
Read more >
AWS Fundamentals - Part 10: Using the AWS CLI - Adam Raffe
8c8590cd6650:~ adaraffe$ aws s3 ls --profile=nocreds An error occurred (AuthorizationHeaderMalformed) when calling the ListBuckets ...
Read more >
AWS S3 access through VPC endpoint and ALB
It works after updating the SDK version to 2.17.281 (latest as of now).
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Spring Cloud AWS 2.4.1 / SpringBoot 2.6.6 - ParameterStore - File extension is not known to any PropertySourceLoader

Next page

java.lang.StackOverflowError - spring-cloud-starter-aws-secrets-manager-config : 2.4.1