search

aws / aws-tools-for-powershell

The AWS Tools for PowerShell lets developers and administrators manage their AWS services from the PowerShell scripting environment.
Apache License 2.0
235 stars 78 forks source link

Write-S3Object failing on S3 compatible bucket #165

Closed agowa closed 3 years ago

agowa commented 4 years ago

I tried to use Write-S3Object and Get-S3Object with an S3 compatible object store.

Expected Behavior

Write-S3Object uploads the file.

Current Behavior

Write-S3Object fails to upload a file with Write-S3Object: Error making request with Error Code InvalidAccessKeyId and Http Status Code Forbidden. No further error information was returned by the service. Get-S3Object works just fine with the same credentials. S3Browser also works just fine (Uploading and Downloading) using the same credentials.

Fidler capture of what Write-S3Object sends:

PUT https://s3.es1.fra.optimist.innovo.cloud/b5bad5cc-b689-4fa4-8fce-b9de4861e212/Neues%20Textdokument.txt HTTP/1.1
Expect: 100-continue
User-Agent: AWSPowerShell.Common/4.0.6.0 .NET_Core/3.1.4 OS/Microsoft_Windows_6.3.9600 PowerShellCore/7.-1 ClientAsync TransferManager/SimpleUploadCommand
Host: s3.es1.fra.optimist.innovo.cloud
X-Amz-Date: 20200611T131144Z
X-Amz-Decoded-Content-Length: 1
X-Amz-Content-SHA256: STREAMING-AWS4-HMAC-SHA256-PAYLOAD
Authorization: AWS4-HMAC-SHA256 Credential=0025e86b12a041a992ba7493c9176a1c/20200611/us-east-1/s3/aws4_request, SignedHeaders=content-length;content-type;host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length, Signature=9156930d725bac4e423b51c802184f7a0f2002e83bfc05a00c77eabee24add07
Content-Length: 173
Content-Type: text/plain
1;chunk-signature=0e3d04b34e6a438bd6fb16064f76b112356bd59bc675ee3b8252684131d2ddd5
a
0;chunk-signature=cc8fed24c3d078698349660462c8db1e3e1bbec5253145528a7d71a483324ff5

than the server returns:

HTTP/1.1 403 Forbidden
Accept-Ranges: bytes
Content-Length: 195
Content-Type: application/xml
Date: Thu, 11 Jun 2020 12:30:09 GMT
X-Amz-Request-Id: tx000000000000003ba6f1a-005ee223d0-2f983453-fra-es1
<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidAccessKeyId</Code><RequestId>tx000000000000003ba6f1a-005ee223d0-2f983453-fra-es1</RequestId><HostId>2f983453-fra-es1-fra</HostId></Error>

and with S3Browser:

PUT https://s3.es1.fra.optimist.innovo.cloud/b5bad5cc-b689-4fa4-8fce-b9de4861e212/Neues%20Textdokument.txt HTTP/1.1
User-Agent: S3 Browser 8.9.5 https://s3browser.com
Content-Type: text/plain
Authorization: AWS 0025e86b12a041a992ba7493c9176a1c:3HfKU38eygex//fNN2zw2A1bjTw=
x-amz-acl: private
x-amz-date: Thu, 11 Jun 2020 13:24:13 GMT
x-amz-meta-s3b-last-modified: 20200611T132022Z
x-amz-meta-sha256: ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb
Host: s3.es1.fra.optimist.innovo.cloud
Content-Length: 1

a

and the server returns:

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 0
Date: Thu, 11 Jun 2020 13:24:18 GMT
Etag: "0cc175b9c0f1b6a831c399e269772661"
X-Amz-Request-Id: tx000000000000003bb00fb-005ee2307f-2f983453-fra-es1

Possible Solution

Not required, but suggest a fix/reason for the bug, or ideas how to implement the addition or change.

Steps to Reproduce (for bugs)

Write-S3Object -AccessKey "0025e86b12a041a992ba7493c9176a1c" -EndpointUrl "https://s3.es1.fra.optimist.innovo.cloud" -SecretKey "b9e21402ca804971ba1769905aab07e8" -BucketName "b5bad5cc-b689-4fa4-8fce-b9de4861e212" -File "C:\Neues Textdokument.txt"

Context

How has this issue affected you? What are you trying to accomplish? Providing context helps us come up with a solution that is most useful in the real world.

Your Environment

Include as many relevant details about the environment where the bug was discovered.

AWS Tools for PowerShell Version 4.0.6.0 Copyright 2012-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.

Amazon Web Services SDK for .NET Core Runtime Version 3.3.107.9 Copyright 2009-2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.

Release notes: https://github.com/aws/aws-tools-for-powershell/blob/master/CHANGELOG.md

This software includes third party software subject to the following copyrights:

* Operating System and version as reported by `$PSVersionTable.OS`: `Microsoft Windows 6.3.9600`
* PowerShell version as reported by `$PSVersionTable.PSEdition`: `Core`
* PSVersionTable:

Name Value

PSVersion 7.0.1 PSEdition Core GitCommitId 7.0.1 OS Microsoft Windows 6.3.9600 Platform Win32NT PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 WSManStackVersion 3.0

ashishdhingra commented 3 years ago

Hi @agowa338,

Please confirm if you are referring to uploading files using AWS Toolkit for VS S3Browser or a different tool. It is quite possible that the tool is configured to use a different AWS profile than the supplied credentials via Powershell command. Kindly confirm if this is no longer an issue.

Thanks, Ashish

agowa commented 3 years ago

With S3Browser i was referring to this software: https://s3browser.com/

With both tools the powershell script and the S3Browser Gui software the same accesskey, secret, bucket and files were used.

ashishdhingra commented 3 years ago

Hi @agowa338,

Good afternoon.

Could you please check if this is still an issue with the latest version of PowerShell tools? This is a basic scenario and should work if proper role and policies are attacked to IAM account. If possible, kindly share the reproduction steps along with the sample content which could reproduce the issue. We could not compare the behavior on S3Browser 3rd party tool.

Thanks, Ashish

github-actions[bot] commented 3 years ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.