8

I'm trying to generate a presigned URL for an S3 bucket on AWS to upload files to like this:

$ aws s3 presign s3://mybucket/somefolder/

Then I use that URL to upload a file:

$ curl "https://mybucket.s3.amazonaws.com/somefolder/?AWSAccessKeyId=***&Signature=***&Expires=***"  --upload-file "./file"

But then it prints out an XML error:

<?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>SignatureDoesNotMatch</Code>
  <Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
  <AWSAccessKeyId>***********</AWSAccessKeyId>
  <StringToSign>PUT


    ************
    /mybucket/somefolder/</StringToSign>
  <SignatureProvided>**************</SignatureProvided>
  <StringToSignBytes>**************</StringToSignBytes>
  <RequestId>************</RequestId>
  <HostId>************</HostId>
</Error>

What am I doing wrong?

[UPDATE]

OK, so I have to specify the object name in the presigned URL. So I did but I'm still facing the same error message:

$ aws s3 presign s3://mybucket/someobject

And then:

$ curl "https://mybucket.s3.amazonaws.com/someobject?AWSAccessKeyId=***&Signature=***&Expires=***"  --upload-file "./file"

And I'll get the exact same error as before. To make sure that it's not a permission problem, I tested it like this:

$ aws s3 cp ./file s://mybucket/

And the file was copied! Any suggestions?

[UPDATE]

I even tested with an object which actually exists in the bucket and managed to successfully download it. But still I cannot write to the object, only read.

Improve this question
1
  • 2
    You need to pre-sign a URL for the destination object itself, not the folder that the object is uploaded to. As an admin of the S3 bucket, you dictate what key the object is uploaded to; the uploading client does not. Commented Aug 24, 2018 at 3:49

2 Answers 2

Reset to default
27

It looks like cli command aws s3 presign is only for GetObject. Parameter 'get_object' is hardcoded in source code. (See line 671)

You can create presigned URL for PutObject using other SDK such as boto3. Make sure to set client method 'put_object'

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Now in line 712 in the source code :D - why are they not fixing it? Yesterday I lost 2 hours on that issue (because chatgpt was suggesting me to do that, never again)
-1

S3 signed urls are created on a per OBJECT basis and cannot be generated for a prefix (folder). If you want to upload some_file to some_folder you must generate a signed url for the whole object key:

 aws s3 presign s3://mybucket/some_folder/some_file

See this AWS documentation.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.