S3 access point HTTP access trouble

0

When trying to access an object using an Internet S3 access point with an open read policy, I get "The authorization mechanism you have provided is not supported. Please use Signature Version 4". (using the object URL as reported by the console)

Trying to find the cause, I encountered a confusing document (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-alias.html) that says:

You can use this access point alias name instead of an Amazon S3 bucket name in any data plane operation.

and then

You can use this access point alias name instead of an Amazon S3 bucket name in some data plane operations.

Help ?

tron
已提問 2 年前檢視次數 531 次
1 個回答
1
已接受的答案

When you say you're using the object URL as reported by the console, you mean a URL starting with "https://AccessPointName-AccountId.s3-accesspoint.region.amazonaws.com"?

As in https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-restrictions-limitations.html, access points don't support anonymous access and you must use AWS Signature Version 4 when making requests to an access point by using the REST APIs.

I'm not sure what you mean by "open read policy" but if you're trying to allow anonymous public access it won't work.

專家
已回答 2 年前
profile picture
專家
已審閱 3 個月前
  • #1, yes, the console lets you go to an object in an access point and it shows, in properties, the URL of the object, thus "the object URL as reported by the console". #2, "open read policy" as a policy that openly allows reading thus enabling, e.g., anonymous access. #3, you are right, I haven't spotted that. But the docs are incoherent when they say you can replace the access point alias for the bucket name in any operation (or something along those lines)

  • is there any way for me to allow public access using access endpoint ?

  • It clearly says you can't...

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南