anomalizer / ngx_aws_auth

nginx module to proxy to authenticated AWS services
BSD 2-Clause "Simplified" License
470 stars 144 forks source link

The request signature we calculated does not match the signature you provided #57

Closed 80kk closed 5 years ago

80kk commented 5 years ago

I am have a problem using this module. My config is:

worker_processes 1;

events {
  worker_connections 1024;
}

http {
  server {
    listen 80;
    client_max_body_size 100G;
    aws_access_key 'xxx';
    aws_signing_key 'yyy';
    aws_key_scope '20190130/eu-west-1/s3/aws4_request';
    aws_s3_bucket 'bucket_name';

    location /s3 {
      rewrite /s3/(.*) /$1 break;
      resolver 8.8.8.8 valid=300s;
      resolver_timeout 10s;
      proxy_pass http://bucket_name.s3-eu-west-1.amazonaws.com/$1;
      aws_access_key 'xxx';
      aws_signing_key 'yyy';
      aws_key_scope '20190130/eu-west-1/s3/aws4_request';
      aws_sign;
    }
  }
}

Each time when I am calling http://x.y.z/s3/ I am getting following error:

The request signature we calculated does not match the signature you provided. Check your key and signing method.
j2clerck commented 5 years ago

Hello,

I encountered similar issue today. Something like below should work:

        aws_s3_bucket some_bucket;
        location / {
        aws_sign;
        aws_access_key "AK12345"; # Example AKIDEXAMPLE
        aws_key_scope "20190131/eu-west-1/s3/aws4_request"; #Example 20150830/us-east-1/service/aws4_request
        aws_signing_key "SomeSigningKey"; #Example L4vRLWAO92X5L3Sqk5QydUSdB0nC9+1wfqLMOKLbRp4=
        aws_endpoint "s3.eu-west-1.amazonaws.com";
        proxy_pass https://some_bukcet.s3.eu-west-1.amazonaws.com/;

The module is expecting that your bucket is reached by bucket.endpoint. If endpoint doesn't exists then it should be s3.amazonaws.com

Regards, Joseph