0

I am running into issues when generating a signed URL for a public S3 bucket. I get the issue when doing a PUT request:

<Error><Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>

A bit of information - I am using:

  • node version 5.8
  • aws-sdkversion 2.7.10

I use the aws-sdk like this:

AWS.config.update({
  accessKeyId: ACCESS_KEY,
  secretAccessKey: SECRET_ACCESS_KEY,
  region: 'eu-west-1'
})
const s3 = new AWS.S3()

I generate the URL this way:

const params = {
  Key: FILE_KEY,
  Bucket: BUCKET_NAME,
  ContentType: image/jpeg,
  Expires: 60,
  ACL: 'public-read',
  Metadata: {
    'Cache-Control': 'max-age=31556926'
  }
}

const signedUrl = s3.getSignedUrl('putObject', params)

The generated URL looks like this:

https://companyxyz.s3-eu-west-1.amazonaws.com/
image/5843df4a15c6fccf4501cab9.jpg?
AWSAccessKeyId=xxxxxxxxxx&
Content-Type=image%2Fjpeg&
Expires=1480843142&
Signature=YvUEGntDLVUUuyVuDMxF5yXXBnI%3D
&x-amz-acl=public-read&
x-amz-meta-cache-control=max-age%3D31556926
Improve this question
2
  • check your access keys, as seen here : stackoverflow.com/a/8002444/2383685 . Your code looks fine. Commented Dec 4, 2016 at 10:07
  • Thank you for the suggestion! I have looked into it in great detail, but it does not seem to resolve my issue Commented Dec 4, 2016 at 10:21

2 Answers 2

Reset to default
1

It could be related to sig v2 and sig v4

From the documentation here: http://docs.aws.amazon.com/general/latest/gr/signature-version-2.html and here http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

notice that in sig v4,

https://s3.amazonaws.com/examplebucket/test.txt
?X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=<your-access-key-id>/20130721/us-east-1/s3/aws4_request

your access-key-id is part of X-Amz-Credential

while for sig v2

https://elasticmapreduce.amazonaws.com?
&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE

AWSAccessKeyId has its own paramater.

Your example shows that you are using sig v2

http://docs.aws.amazon.com/general/latest/gr/signature-version-2.html also mentions that some regions do not support sig v2

EU (Frankfurt) Region EU (London) Region

EU (Frankfurt) is eu-central-1 which is strange, because it sig v2 should not work in eu-central-1.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I resolved the issue by changing region. I created a new bucket in eu-central-1 and everything worked. No matter what, I was not able to generate a working signed URL for eu-west-1.

Would love to hear any insights.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.