- Newest
- Most votes
- Most comments
Hi Paulvdb,
Glad to hear you're enjoying S3 Object Lambda. I believe Boto3 defaults to using Signature Version 2 when presigning requests. Can you try setting the signature version to SigV4 when creating the S3 client to see if that helps?
Something like:
s3 = boto3.client('s3', config=Config(signature_version='s3v4'))
I can confirm that this is the case. Interestingly, if you generate a presigned URL from the CLI (V2), it will automatically default to using Sigv4. The AWS documentation on this seems to be out of date and does not include the updated signature version needed: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html.
What is up to date is this guide here explaining in more detail how to generate the presigned URLs with the updated signature version: https://howtocloud.io/generate-s3-presigned-urls-with-boto3/.
Kudos to the first user for including the exact same code snippet that I gave to another user who was debugging.
I was able to create presigned url using Lambda with boto3, but was no able to download the file using generated URL,
got Access Denied error, fix was to add lambda IAM permission : "s3:GetObject"
Relevant content
- asked 8 months ago
- asked 2 years ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 days ago
- AWS OFFICIALUpdated 3 years ago
The AWS CLI V2 does not support Sigv2. This is noted as a breaking change in the AWS CLI v2 migration guide under the section "AWS CLI version 2 uses only Signature v4 to authenticate Amazon S3 requests":
https://docs.aws.amazon.com/cli/latest/userguide/cliv2-migration-changes.html#cliv2-migration-sigv4
The Python SDK
boto3
still uses older signing methods by default with presign commands for backwards compatibility.