search

concourse / s3-resource

Concourse resource for interacting with AWS S3
Apache License 2.0
62 stars 106 forks source link

Check your key and signing method - Error #111

Open drduker opened 5 years ago

drduker commented 5 years ago

I'm getting this error message when trying to get and put to an aws s3 bucket. Is there an option so that I can bypass this signature as a workaround without making the bucket public?

error running command: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your key and signing method. status code: 403, request id: 82404AB544025563, host id: pfjz4AQkYTToR4vcMFEublahdsdsdd....VG10wmEQboetphIEav82L8w1c=

pipeline is configured as follows:

running on an upgraded concourse 4.2.1 bosh deployment version

drduker commented 5 years ago

Also tried specifying this:

and tried this:

drduker commented 5 years ago

I believe this might be related: https://github.com/aws/aws-sdk-php/issues/239

drduker commented 5 years ago

ok, i think I found the cause. I’ve been playing around with how the files and folders work with both the “regexp” or the “versioned_file”. Versioning of the bucket does matter (you need to use the versioned_file param instead of regex), but what matters even more is that you cannot specify folders within a bucket as the bucket name like this in the params file: s3: access_key_id: ((aws_access_key_id)) region_name: “us-east-1” buckets: foo: “automation/foo/” bar: “automation/bar” secret_access_key: ((aws_secret_access_key)) endpoint: “s3-us-east-1.amazonaws.com”

if you do, it will only work partly as in the file will upload with v2 signing but the file check will not work. as a workaround I have just specified “automation” as the bucket for both s3.buckets.foo and s3.buckets.bar. And then in the regex i have added the folder to the beginning of the filename like so : “fo/ubuntu-trusty-vm.tgz”

If this folder specification cannot be corrected then i suggest that the error be updated.