Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Got SignatureDoesNotMatch when appending pre-signed URL retrieved from CreateUserImportJob to browser

0

I am working on Restful API which makes use of AWS SDK for java to call CreateUserImportJob. I want to get a pre-signed URL to upload CSV file for doing bulk Cognito user import. I am using Postman to call my API which calls CreateUserImportJob API on AWS. I got the pre-signed URL from the response and paste it to a browser right away. However, I always get the following error:

<Error> <Code>SignatureDoesNotMatch</Code> <Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>

After some research the bucket name from the returned pre-signed URL is called "aws-cognito-idp-user-import-yul". It seems like it is an AWS internal specific bucket for user import job. This bucket can't be seen even by administrator but you can't create a bucket with this name either as it exists already. I wonder if this is the reason that I got SignatureDoesNotMatch error as I am trying to upload file to this AWS user import specific S3 folder.

Any idea how to resolve this problem is greatly appreciated.

Argomenti
ArchiviazioneSicurezza, identità e conformità
Tag
Servizio di archiviazione semplice di AmazonAmazon CognitoURL pre-firmato
Lingua
English
swai01
posta 4 mesi fa250 visualizzazioni
2 Risposte
1

This may be a longshot, but I've had a similar issue in the past if key contains special characters like %, /, +, or .

AWS
Matthew Jorat
con risposta 4 mesi fa
  • swai01
    4 mesi fa

    Hi Matthew, thank you for your answer. When you say the key, do you mean the Amz-Security-Token, Amz-SignedHeaders, Amz-Credential or Amz-Signature? Thanks again.

  • swai01
    4 mesi fa

    In addition, I got the S3 bucket name "aws-cognito-idp-user-import-yul" from the pre-signed URL. Is this the right S3 bucket name when pre-signed URL is generated through CreateUserImportJob? Thanks everyone again.

0

By key, I mean the secretAccessKey. I recall only having issues when using the link in the browser, but not generating the link. I came across this github issue that sounds similar. See if this helps. https://github.com/aws/aws-sdk-js/issues/3319

AWS
Matthew Jorat
con risposta 4 mesi fa
  • swai01
    4 mesi fa

    Thank you Matthew. I checked my secretAccessKey but it doesn't have any non-alphanumeric characters. After some research the bucket name from the returned pre-signed URL is called "aws-cognito-idp-user-import-yul". It seems like it is an AWS internal specific bucket for user import job. This bucket can't be seen even by administrator but you can't create a bucket with this name either as it exists already. I wonder if anyone has ever upload any file to this bucket before? Thanks again.

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente