Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

S3 Presigned URL doesn't work from newly created buckets

0

Problem description (Python 3.12):

13-Sept: Created a new "bucket_1" (AWS console), added a new "file_1" (AWS console), created a presigned URL to get the "file_1" from "bucket_1" (AWS boto3). Link doesn't work. Error: <Code>SignatureDoesNotMatch</Code> <Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message> ..........

14-Sept: Created a new presigned URL for the old (yesterday's) "file_1" from the old (yesterday's) "bucket_1" (AWS boto3). Link works fine (the same code, same IAM user, same computer).

14-Sept: Created a new "bucket_2", added a new "file_2", created a presigned URL to get the "file_2" from "bucket_2" (AWS boto3). Link doesn't work. Error the same (SignatureDoesNotMatch).

14-Sept: The old "file_1" added to the new "bucket_2" (AWS console), created a presigned URL for the "file_1" from "bucket_2" (AWS boto3). Link doesn't work. Error the same (SignatureDoesNotMatch).

Were checked:

  • credentials (the same account)
  • permissions (IAM user has "Administrator access")
  • naming of the buckets and files are unchanged
  • region of the bucket and bucket creator are the same
  • signing method (by default it is "SigV4" in boto3)
  • using AWS CLI gives the same result
  • BUT: directly creating presigned url in the AWS console always works fine

I can't imagine where to look. Any help would be appreciated.

Topics
Storage
Tags
presigned URLAmazon Simple Storage Service
Language
English
asked 2 years ago647 views
2 Answers
3
Accepted Answer

Hello.

What code are you using to issue Presigned URLs?
I answered a similar problem a while ago, but at that time I was able to resolve it by specifying "endpoint_url" when creating the S3 client.
https://repost.aws/questions/QUxFKBL7VwSomPT1thHt6qLg/pre-signed-url-timezone-put#ANuoLZPqTsRv-qu4eWLc67-A

s3_client = boto3.client('s3',region_name="eu-central-1",endpoint_url="https://s3.eu-central-1.amazonaws.com")
EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
EXPERT
reviewed 2 years ago
1

It may be that you fell into a specific case of limits within the presigned URLs of S3 as specified in https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-presigned-url.html#PresignedUrlUploadObject-LimitCapabilities

Can we look at the code you use so we can spot anything in there?

EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
  • Alex
    2 years ago

    Thank you for help. I saw this resource early and have already checked the solutions that suggested there. Nothing helped me.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content