Generate presigned url for S3 Object Lambda


Recently S3 Object Lambda got released, which I think is really cool. I have a working setup where I can use retrieve an object via the get_object BOTO3 method with the S3 Object Lambda. Also generating a presigned url directly on the bucket works. But when I try to generate one for the S3 Object Lambda as follows:
url = s3.generate_presigned_url("get_object", Params={
"Bucket": "arn:aws:s3-object-lambda:eu-west-1:account-id:accesspoint/my-object-lambda",
"Key": "filename.txt",
I get the error:

<?xml version="1.0" encoding="UTF-8"?><Error xmlns=""><Code>MissingAuthenticationToken</Code><Message>Missing authentication token.</Message><RequestId>REDACTED</RequestId><HostId>{host-id}</HostId></Error>

Is this not supposed to work (yet)?

Edited by: Paulvdb on Mar 31, 2021 11:17 AM

asked 3 years ago4222 views
3 Answers
Accepted Answer

Hi Paulvdb,

Glad to hear you're enjoying S3 Object Lambda. I believe Boto3 defaults to using Signature Version 2 when presigning requests. Can you try setting the signature version to SigV4 when creating the S3 client to see if that helps?

Something like:

s3 = boto3.client('s3', config=Config(signature_version='s3v4'))

answered 3 years ago
profile picture
reviewed 7 days ago
profile picture
reviewed 2 months ago

I can confirm that this is the case. Interestingly, if you generate a presigned URL from the CLI (V2), it will automatically default to using Sigv4. The AWS documentation on this seems to be out of date and does not include the updated signature version needed:

What is up to date is this guide here explaining in more detail how to generate the presigned URLs with the updated signature version:

Kudos to the first user for including the exact same code snippet that I gave to another user who was debugging.

answered 2 years ago

I was able to create presigned url using Lambda with boto3, but was no able to download the file using generated URL, got Access Denied error, fix was to add lambda IAM permission : "s3:GetObject"

profile picture
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions