Best IT Recipes

The provided authorization mechanism is not supported. Use AWS4-HMAC-SHA256

I get the error message AWS::S3::Errors::InvalidRequest The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256. AWS::S3::Errors::InvalidRequest The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256. when I try to upload a file to an S3 bucket in the new region of Frankfurt. Everything works correctly with the US Standard .

Script:

 backup_file = '/media/db-backup_for_dev/2014-10-23_02-00-07/slave_dump.sql.gz' s3 = AWS::S3.new( access_key_id: AMAZONS3['access_key_id'], secret_access_key: AMAZONS3['secret_access_key'] ) s3_bucket = s3.buckets['test-frankfurt'] # Folder and file name s3_name = "database-backups-last20days/#{File.basename(File.dirname(backup_file))}_#{File.basename(backup_file)}" file_obj = s3_bucket.objects[s3_name] file_obj.write(file: backup_file)

aws-sdk (1.56.0)

How to fix it?

Thank.

+108
ruby amazon-s3 amazon-web-services aws-sdk
Oct 23 '14 at 16:52
source share
12 answers

AWS4-HMAC-SHA256, also known as Signature Version 4 ("V4"), is one of two authentication schemes supported by S3.

All regions support V4, but US-Standard & sup1; and many, but not all, other regions also support a different, older scheme, Signature Version 2 ("V2").

According to http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html ... new S3 regions deployed after January 2014 will only support V4.

Since Frankfurt was introduced at the end of 2014, it does not support V2, and it is this error that indicates what you are using.

http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html explains how to enable V4 in various SDKs if you use an SDK that has this feature.

I would suggest that some older versions of the SDK may not support this option, so if this does not help, you may need the newer version of the SDK that you are using.



? sup1; US Standard is the former name for the S3 regional deployment, which is based in the us-east-1 . From the time this answer was originally written, "Amazon S3 has renamed the standard US region to the US region (Virginia) to comply with AWS regional naming conventions." For all practical purposes, this is just a naming change.

+139
Oct 23 '14 at 22:03
source share

Using node try

 var s3 = new AWS.S3( { endpoint: 's3-eu-central-1.amazonaws.com', signatureVersion: 'v4', region: 'eu-central-1' } );
+54
Jul 26 '15 at 11:10
source share

You must set signatureVersion: 'v4' in config to use the new version of the sign:

 AWS.config.update({ signatureVersion: 'v4' });

Works for JS sdk.

+27
Mar 24 '15 at 13:28
source share

For users using boto3 ( Python SDK ), use the code below

 from botocore.client import Config s3 = boto3.resource( 's3', aws_access_key_id='xxxxxx', aws_secret_access_key='xxxxxx', config=Config(signature_version='s3v4') )
+22
Dec 22 '16 at 7:06
source share

A similar problem with the PHP SDK, this works:

 $s3Client = S3Client::factory(array('key'=>YOUR_AWS_KEY, 'secret'=>YOUR_AWS_SECRET, 'signature' => 'v4', 'region'=>'eu-central-1'));

The important bit is signature and region

+12
Jan 30 '15 at
source share

I used Django and I had to add these additional configuration variables to make this work. (in addition to the settings specified in https://simpleisbetterthancomplex.com/tutorial/2017/08/01/how-to-setup-amazon-s3-in-a-django-project.html ).

 AWS_S3_REGION_NAME = "ap-south-1" AWS_S3_SIGNATURE_VERSION = "s3v4"
+7
04 Oct '18 at 8:55
source share

In Java, I had to set a property

 System.setProperty(SDKGlobalConfiguration.ENFORCE_S3_SIGV4_SYSTEM_PROPERTY, "true")

and add the scope to the s3Client instance.

 s3Client.setRegion(Region.getRegion(Regions.EU_CENTRAL_1))
+3
Nov 12 '16 at 0:04
source share

For boto3, this is the code:

 s3_client = boto3.resource('s3', region_name='eu-central-1')

or

 s3_client = boto3.client('s3', region_name='eu-central-1')
+3
Jul 26 '17 at 7:50
source share

For thumbor-aws that used boto config, I needed to put this in $AWS_CONFIG_FILE

 [default] aws_access_key_id = (your ID) aws_secret_access_key = (your secret key) s3 = signature_version = s3

So, everything that boto used directly without changes can be useful

+2
Mar 22 '17 at 15:52
source share

For Android SDK, setEndpoint solves the problem, although it is deprecated.

 CognitoCachingCredentialsProvider credentialsProvider = new CognitoCachingCredentialsProvider( context, "identityPoolId", Regions.US_EAST_1); AmazonS3 s3 = new AmazonS3Client(credentialsProvider); s3.setEndpoint("s3.us-east-2.amazonaws.com");
+1
Apr 16 '17 at 22:09 on
source share

Sometimes the default version is not updated. Add this command

 AWS_S3_SIGNATURE_VERSION = "s3v4"

in settings.py

0
Feb 27 '19 at 10:55
source share

Essentially, the error was that I used the old version of aws-sdk and updated the version so that this error occurred.

in my case with js node I used signatureVersion in parmas object as follows:

 const AWS_S3 = new AWS.S3({ params: { Bucket: process.env.AWS_S3_BUCKET, signatureVersion: 'v4', region: process.env.AWS_S3_REGION } });

Then I signed from the params object and worked like a charm:

 const AWS_S3 = new AWS.S3({ params: { Bucket: process.env.AWS_S3_BUCKET, region: process.env.AWS_S3_REGION }, signatureVersion: 'v4' });
0
Jul 29 '19 at 11:45
source share


More articles:


All Articles