S3 Post Policy - invalid value for x-amz-checksum-sha256

I'm using S3 presigned post policies to upload files to an S3 bucket and I'm trying to make use of the x-amz-checksum-sha256 condition, but I can not figure out how to successfully post a file using x-amz-checksum-sha256. Whenever I try to post a file AWS returns a 400 with the message of Value for x-amz-checksum-sha256 header is invalid but I don't know what this means. In what way is the sha256 value I'm producing "invalid"?

Here's an example of how I'm trying to accomplish this. I'm using a standard file <input> element for file selection.

const fileBlob = new Blob([file])
const arrayBuffer = await fileBlob.arrayBuffer()
const fileUint8 = new Uint8Array(arrayBuffer)
const hashBuffer = await crypto.subtle.digest("SHA-256", fileUint8);
const hashArray = Array.from(new Uint8Array(hashBuffer)); // convert buffer to byte array
const sha256Checksum = hashArray
  .map((b) => b.toString(16).padStart(2, "0"))
  .join('');
const base64Checksum = btoa(sha256Checksum)

const postData = await backendAPICallToGetPresignedPost({base64Checksum})

const postForm = new FormData();
Object.keys(postData.fields).forEach((key) => {
  return postForm.append(key, postData.fields[key])
})
postForm.append('x-amz-checksum-algorithm', 'SHA256');
postForm.append('x-amz-checksum-sha256', base64Checksum);
postForm.append('file', file);

axios.post('S3-url', postForm)

And here is how I am created the presigned post. The base64 encoded checksum is passed to the server to use when creating the policy.

const aws = require('aws-sdk');

const s3 = new aws.S3({
    region: awsRegion,
    accessKeyId: s3AccessKeyId,
    secretAccessKey: s3SecretAccessKey,
});

return await s3.createPresignedPost({
    Bucket: 'bucket-name',
    Fields: {
        key: `${s3ProductImageFolder}/${brandName}/${fileName}`,
    },
    Conditions: [
        { 'x-amz-checksum-algorithm': 'SHA256' },
        { 'x-amz-checksum-sha256': base64Checksum },
    ],
});

FYI I'm using version 2.1424.0 of the javascript AWS SDK

I've confirmed that the sha256 value that I am generating with the above javascript is the same as what is generated by the sha256sum GNU utility. The test file that I am using generates the following sha256 hash: 1789f8b9f648498f5abcfe3c71b7fb4047143b431022d477d27a7acba64d2ca8

Themen

Speicher

Relevanter Inhalt

Warum erhalte ich die Fehlermeldung „Unable to validate the following destination configurations“, wenn ich eine Amazon S3-Ereignisbenachrichtigung erstelle?
AWS OFFICIALAktualisiert vor 8 Monaten
Wie behebe ich den Fehler „Unable to validate the following destination configurations“ in AWS CloudFormation?
AWS OFFICIALAktualisiert vor 2 Jahren
Wie kann ich den IAM-Vertrauensrichtlinienfehler „Failed to update trust policy. Invalid principal in policy“ (Vertrauensrichtlinie konnte nicht aktualisiert werden. Ungültiger Prinzipal in Richtlinie) beheben?
AWS OFFICIALAktualisiert vor einem Jahr
Wie behebe ich den Fehler „Unable to verify/create output bucket“ in Amazon Athena?
AWS OFFICIALAktualisiert vor 3 Jahren