AWS presign URL: <Code>SignatureDoesNotMatch</Code>

sunmingtao commented 4 years ago

Rename a file in s3 bucket Use aws s3 presign s3://smt0004/snake.png --expires-in=600 to generate url Hit the url in the brower and get error

<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your key and signing method.
</Message>
<AWSAccessKeyId>AKIAXVZ6SNCOUD4AT5RN</AWSAccessKeyId>
<StringToSign>
AWS4-HMAC-SHA256 20200517T114702Z 20200517/ap-southeast-2/s3/aws4_request 7c0a1f8bf7a52c0477104a91dcd1e3d8fcf3cea43d5ed224794f6da43c06b28d
</StringToSign>
<SignatureProvided>
d98a8b3ed5c49e21de3d5af15286c058f9e1418c3999290cd722fbd6525b12f3
</SignatureProvided>
<StringToSignBytes>
41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 30 30 35 31 37 54 31 31 34 37 30 32 5a 0a 32 30 32 30 30 35 31 37 2f 61 70 2d 73 6f 75 74 68 65 61 73 74 2d 32 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 37 63 30 61 31 66 38 62 66 37 61 35 32 63 30 34 37 37 31 30 34 61 39 31 64 63 64 31 65 33 64 38 66 63 66 33 63 65 61 34 33 64 35 65 64 32 32 34 37 39 34 66 36 64 61 34 33 63 30 36 62 32 38 64
</StringToSignBytes>
<CanonicalRequest>
GET /snake.png X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAXVZ6SNCOUD4AT5RN%2F20200517%2Fap-southeast-2%2Fs3%2Faws4_request&X-Amz-Date=20200517T114702Z&X-Amz-Expires=600&X-Amz-SignedHeaders=host host:smt0004.s3-ap-southeast-2.amazonaws.com host UNSIGNED-PAYLOAD
</CanonicalRequest>
<CanonicalRequestBytes>
47 45 54 0a 2f 73 6e 61 6b 65 2e 70 6e 67 0a 58 2d 41 6d 7a 2d 41 6c 67 6f 72 69 74 68 6d 3d 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 26 58 2d 41 6d 7a 2d 43 72 65 64 65 6e 74 69 61 6c 3d 41 4b 49 41 58 56 5a 36 53 4e 43 4f 55 44 34 41 54 35 52 4e 25 32 46 32 30 32 30 30 35 31 37 25 32 46 61 70 2d 73 6f 75 74 68 65 61 73 74 2d 32 25 32 46 73 33 25 32 46 61 77 73 34 5f 72 65 71 75 65 73 74 26 58 2d 41 6d 7a 2d 44 61 74 65 3d 32 30 32 30 30 35 31 37 54 31 31 34 37 30 32 5a 26 58 2d 41 6d 7a 2d 45 78 70 69 72 65 73 3d 36 30 30 26 58 2d 41 6d 7a 2d 53 69 67 6e 65 64 48 65 61 64 65 72 73 3d 68 6f 73 74 0a 68 6f 73 74 3a 73 6d 74 30 30 30 34 2e 73 33 2d 61 70 2d 73 6f 75 74 68 65 61 73 74 2d 32 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 0a 68 6f 73 74 0a 55 4e 53 49 47 4e 45 44 2d 50 41 59 4c 4f 41 44
</CanonicalRequestBytes>
<RequestId>CAB94A30986FC6CB</RequestId>
<HostId>
iRrdh/LmnmueWdBX9YRk7b0fwqC2npbbOQ7RJJUvqRX0AigVmMNaN17MgXecvpswe7jdqN3cpy8=
</HostId>
</Error>

sunmingtao commented 4 years ago

Nothing to do with the renaming of the file. A couple of old buckets, smt0002 and smt003 work fine. However, newer buckets, smt0004 and smt0005 don't work.

Regenerating the access key doesn't help

sunmingtao commented 4 years ago

After I upgrade cli to version 2, the problem seems to be resolved.

aws s3 mb s3://smt0010
aws s3 cp icon.png s3://smt0010
aws s3 presign s3://smt0010/icon.png --expires-in=600

sunmingtao / sample-code

AWS presign URL: <Code>SignatureDoesNotMatch</Code> #132