I am trying to upload a file using a presigned URL to aws S3 bucket in Postman. Presigned URL is generated without any errors. But when I use the URL to upload the file, I am getting 403 Forbidden | AccessDenied error. Steps I am following:
Use POST method for new API call to upload file to generated presigned URL.
Copy the fields that I get from the presigned URL to form data in new API call.
Content type is not set in new API call
Set new key "file" and select the file to be uploaded.
In the aws s3 bucket policy s3:PutObject; s3:PutObjectAcl; Principal: * is set. And also in corresponding Lambda function, the permissions for s3:PutObject; s3:PutObjectAcl is also set.
But Postman is complaining
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>xxx</RequestId>
<HostId>xxx</HostId>
</Error>
I have also followed some other posts https://stackoverflow.com/a/60742599/17762566
Can anyone please let me know what is the issue and how to resolve it?
Thanks in advance
Related
Have following code to generate pre-signed URL:
params = {'Bucket': bucket_name, 'Key': object_name}
response = s3_client.generate_presigned_url('get_object',
Params=params,
ExpiresIn=expiration)
that works fine on old one bucket I am using for last year:
https://old-bucket.s3.amazonaws.com/test_image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIxxxxxxxxxxE%2F20210917%2Feu-north-1%2Fs3%2Faws4_request&X-Amz-Date=20210917T210448Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=54e173601fec5f140dd901b0eae1dafbcd8d7ee8b8f311fdc1b120ca447cdd0c
I can paste this URL to browser and download file. File is AWS-KMS encrypted.
But same AWS-KMS encrypted file uploaded to new one created bucket returns following URL:
https://new-bucket.s3.amazonaws.com/test_image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIxxxxxxxxxxE%2F20210917%2Feu-north-1%2Fs3%2Faws4_request&X-Amz-Date=20210917T210500Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=2313e0131d4251f9fba522fc8e9880d960f674f3449e141848bd38ca19e1b528
returns SignatureDoesNotMatch error:
The request signature we calculated does not match the signature you provided. Check your key and signing method.
No any changes in source code - but just bucket name provided to generate_presigned_url function.
The IAM user I am providing to boto3.client has write/read permissions for both buckets.
Comparing properties and permissions for both buckets and for files I am requesting from buckets - everything looks the same.
GetObject and PutObject works fine for both buckets in a case of dealing with file directly. The issue is only in a case of using pre-signed URL.
So is any settings/permissions/rules/anything else need to be configured/enabled to make pre-signed URLs working with certain S3 bucket?
I want to create a system that will use AWS S3 for storage. We want the files to be NOT available for the internet but we want to be able to share them. In order to do that we need to do a presign. For example take the attached file test_file.gsm. The URL is https://bender-family.s3.amazonaws.com/test_file.gsm and the S3 path is s3://bender-family.s3.amazonaws.com/test_file.gsm. If I try to pre-sign it with aws s3 presign s3://bender-family.s3.amazonaws.com/test_file.gsm I get back:
root#server2:~# aws s3 presign s3://bender-family.s3.amazonaws.com/test_file.gsm
https://s3.amazonaws.com/bender-family.s3.amazonaws.com/test_file.gsm?AWSAccessKeyId=(aws access key here)&Signature=(signature here)&Expires=1624596709
root#server2:~#
However the returned URL doe NOT work. I get back a NoSuchBucket error.
root#server2:~# curl 'https://s3.amazonaws.com/bender-family.s3.amazonaws.com/test_file.gsm?AWSAccessKeyId=(aws access key here)&Signature=(signature here)&Expires=1624596709'
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist</Message><BucketName>bender-family.s3.amazonaws.com</BucketName><RequestId>J9PMQAXV49P011B2</RequestId><HostId>(HostID Here)</HostId></Error>root#server2:~#
root#server2:~#
Is there something that I am doing wrong?
The gsm file is here if needed:
https://filebin.net/io13mgvf92eayq36
Use:
aws s3 presign s3://bender-family/test_file.gsm
(without the s3 part).
I am trying to create an s3-bucket in my aws account using postman. see below screenshot
I just pass Host:divyeshjjjjjj.s3.amazonaws.com in header and in Authorization see below image.
and body as none. but every time i requesting it is giving me below response.
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>NoSuchBucket</Code>
<Message>The specified bucket does not exist</Message>
<BucketName>divyeshjjjjjj</BucketName>
<RequestId>FD3A666A6D53532F</RequestId>
<HostId>TggknsaHzbwQi3y+k0hPCRAWq+z2XOGDrc7SX+ucvLQ2uuOIbHzYnfFClhwMyS09Q2WvDA2pBsE=</HostId>
</Error>
i am surfing from past 2 days don't know what problem is? please, help if you can!
The URL line should always have / while creating a bucket, nothing else. In your case, it's doc/2003-06-01. It seems you are trying to create a folder/object in your bucket. We can't have nested buckets in S3.
enter image description here
Please see the screenshot-
I am new to Pentaho and AWS S3. I am trying to download a file from Amazon S3 using Pentaho but getting the following error:-
org.jets3t.service.S3ServiceException: S3 GET failed for '/' XML Error Message:
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>XXXXX</RequestId>
<HostId>XXXXXXX</HostId>
</Error>
I can used the same key to connect the Amazon using Cyberduck, so key is working correct.
pentaho might scanning for all the buckets because of /, try providing access to all bucket or mention correct bucket in url. As s3 has case sensitive check for url format and naming conventions.
I am new to Amazon web CloudFront console and S3 buckets. I am trying to get on-demand streaming work. When tried to view my uploaded video- ism file in the s3 bucket, I get the following XML response when entered following URL in a web browser:
http://mybucket.s3.amazonaws.com/videos/video_1/BigBuckBunny.ism/Manifest
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>C1EC48985EE12047</RequestId>
<HostId>
L7JtCmEHm9W3HUeZEV08GyoFBxiC4krHvoiQyPZrYxeOaIP8yhMJKP60+eIo5qTZcsDasW48Ck8=
</HostId>
</Error>
I am able to download this same ism file, using an url; http://mybucket.s3.amazonaws.com/videos/video_1/BigBuckBunny.ism. Then why only an issue with the manifest file which I will be accessing from my application?
From the following documentation given on Amazon, I have followed all 4 steps and I am now stuck at Step- 5.
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/on-demand-streaming-smooth.html
What could I be missing? Any help is appreciated.
Amazon S3 does not know how to handle ism files, that's why /manifest doesn't work. What you need to do is configure your distribution with smooth streaming enabled, like the link you provided, and replace the s3 URL with cloudfront.
http://d124.cloudfront.net/videos/video_1/BigBuckBunny.ism/Manifest