search

akka / alpakka

Alpakka is a Reactive Enterprise Integration library for Java and Scala, based on Reactive Streams and Akka.
https://doc.akka.io/libraries/alpakka/current/
Other
1.26k stars 644 forks source link

S3 path-style access is going away #1679

Closed jrudolph closed 4 years ago

jrudolph commented 5 years ago

https://forums.aws.amazon.com/ann.jspa?annID=6776

Amazon S3 currently supports two request URI styles in all regions: path-style (also known as V1) that includes bucket name in the path of the URI (example: //s3.amazonaws.com//key), and virtual-hosted style (also known as V2) which uses the bucket name as part of the domain name (example: //.s3.amazonaws.com/key). In our effort to continuously improve customer experience, the path-style naming convention is being retired in favor of virtual-hosted style request format. Customers should update their applications to use the virtual-hosted style request format when making S3 API requests before September 30th, 2020 to avoid any service disruptions. Customers using the AWS SDK can upgrade to the most recent version of the SDK to ensure their applications are using the virtual-hosted style request format.

Virtual-hosted style requests are supported for all S3 endpoints in all AWS regions. S3 will stop accepting requests made using the path-style request format in all regions starting September 30th, 2020. Any requests using the path-style request format made after this time will fail.

If there is any reason why your application is not able to utilize the virtual-hosted style request format, or if you have any questions or concerns, please reach out to AWS Support.

That means that some solution will have to found for the HTTPS issue for buckets with dots in the name by then. Probably nothing should be done for now because AWS will have to figure that out by themselves so that customers are left with the invalid certificates when they are finally forced to use the domain style access.

francisdb commented 5 years ago

Link from the amazon news blog https://aws.amazon.com/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/

We should probably change the default to false to push users to void dotted bucket names (and clearly mention that in the release notes).

How does the official java client handle this case? What are the defaults there?

https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html mentions

  • Bucket names must comply with DNS naming conventions.
  • When you use virtual hosted–style buckets with Secure Sockets Layer (SSL), the SSL wildcard certificate only matches buckets that don't contain periods. To work around this, use HTTP or write your own certificate verification logic. We recommend that you do not use periods (".") in bucket names when using virtual hosted–style buckets.

I don't see any workarounds or automatic dns-valid aliasing so I guess users just have to switch bucket?

2m commented 5 years ago

Most of the Alpakka S3 tests use capital letters in the bucket name, which also does not work with path-style-access. So that is another thing to avoid in bucket names.

ennru commented 4 years ago

With #2099 Alpakka is back to using virtual-host-style as the default bucket access, this restricts the bucket names much more than path-style access. Warnings are issued in the logs if path-style access is configured.