S3 access point HTTP access trouble

0

When trying to access an object using an Internet S3 access point with an open read policy, I get "The authorization mechanism you have provided is not supported. Please use Signature Version 4". (using the object URL as reported by the console)

Trying to find the cause, I encountered a confusing document (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-alias.html) that says:

You can use this access point alias name instead of an Amazon S3 bucket name in any data plane operation.

and then

You can use this access point alias name instead of an Amazon S3 bucket name in some data plane operations.

Help ?

tron
已提问 2 年前538 查看次数
1 回答
1
已接受的回答

When you say you're using the object URL as reported by the console, you mean a URL starting with "https://AccessPointName-AccountId.s3-accesspoint.region.amazonaws.com"?

As in https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-restrictions-limitations.html, access points don't support anonymous access and you must use AWS Signature Version 4 when making requests to an access point by using the REST APIs.

I'm not sure what you mean by "open read policy" but if you're trying to allow anonymous public access it won't work.

专家
已回答 2 年前
profile picture
专家
已审核 3 个月前
  • #1, yes, the console lets you go to an object in an access point and it shows, in properties, the URL of the object, thus "the object URL as reported by the console". #2, "open read policy" as a policy that openly allows reading thus enabling, e.g., anonymous access. #3, you are right, I haven't spotted that. But the docs are incoherent when they say you can replace the access point alias for the bucket name in any operation (or something along those lines)

  • is there any way for me to allow public access using access endpoint ?

  • It clearly says you can't...

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则