anomalizer / ngx_aws_auth

nginx module to proxy to authenticated AWS services
BSD 2-Clause "Simplified" License
470 stars 144 forks source link

Couldn't signin buckets with name included double dash. #43

Closed pekermert closed 7 years ago

pekermert commented 7 years ago

When i try to use buckets with name included double dash, i am getting 403 forbidden. e.g.: my-test-bucket getting 403 but my-testbucket works well with same configuration. I am sure about given access to buckets for my secret.

my configuration like this;

aws_access_key *****;
aws_key_scope ****;
aws_signing_key ****;
aws_s3_bucket my-test-bucket;

location ~ ^/images {
    aws_sign;
    proxy_pass http://my-test-bucket.s3.amazonaws.com;
}

Is there a restriction for bucket naming or is this a bug ?

rickheil commented 7 years ago

I don't believe it would be - I have two dashes in a bucket that I'm using in prod.

The only thing that comes to mind is that S3 will give 307s if you have a bucket in a non-US region and are not using the regional DNS name. See this forum post for an explanation.

pekermert commented 7 years ago

Hi @rickheil ,

I have created two bucket on eu-west-1 while testing. And they both getting 307 as you say, thanks for point to that. I changed http code on issue. Clearly 307 is not related through this situation. Actually returned 403 for couldn't signin.