Unsolved
1 Message
0
7348
S3 signature does not match
Hello!
I'm a developer that is trying to integrate (send data) to a ECS instance using the S3 API.
In maybe 1-5% of the requests we get an error stating that signature doesnt match. Obviously the auth is correct, since most requests goes through and data is stored.
The Error thrown by the client is (hand typed so might be some typos):
com.amazonaws.request - Received error response: com.amazonaws.services.s3.model.amazonS3Exception: The request signature we calculated does not match the signature you provided. Check your secret Access Key and signing method.
I'm wondering if someone else experienced this? It's the random bahavior and the small amount of errors that is a bit confusing in my opinion.
JasonCwik
281 Posts
0
September 18th, 2018 08:00
What version of ECS? Also check the name of the object getting uploaded and/or any metadata you're including. If this is the Java SDK, you can turn on request logging to get all the request headers. https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-logging.html#sdk-net-logging-verbose
Amarjit01
2 Posts
0
April 29th, 2022 07:00
We are using ECS Community Edition v3.6.2.0 have same error reported:
Caused by: software.amazon.awssdk.services.s3.model.S3Exception: The request signature we calculated does not match the signature you provided. Check your Secret Access Key and signing method.
I am 100% we are using the correct Secret Access Key. To be sure, where can I check the setting for the signing method in the Community edition?
We run a number of tests and we have 2 partial update tests that give this error. The same code executed against the ECS TestDrive (https://object.ecstestdrive.com) are successful.
DELL-Sam L
Moderator
Moderator
•
6.9K Posts
0
April 29th, 2022 11:00
Hello Amarjit01,
Here are the links to a couple of kb’s that maybe of assistance.
https://dell.to/3rZNlRs
https://dell.to/3MFYted
DELL-Sam L
Moderator
Moderator
•
6.9K Posts
0
May 3rd, 2022 14:00
Hello Amarjit01,
Here is what the kb's state.
ECS: 3.7: S3: (HTTP 403) The request signature we calculated does not match the signature you provided
Summary: After upgrade to ECS Release 3.7 S3 application(s) show error: (HTTP 403) The request signature we calculated does not match the signature you provided This happens for applicationsSee more
Audience Level: Customer
Article Content
Symptoms
This only affects applications utilizing signature version 4.
from ECS logs, "?location" request are successful but other PUT/GET requests fail:
search for the error 403:
Cause
In version 3.7 changes were made to bucket-location API. The response from the API is currently " ", causing the signature mismatch.
This is being reworked and will be updated in a later release.
Invalid request:
A valid request is formed including the region:
Resolution
There is two options as a workaround.
First option is to not use signature version 4 and use signature version 2 instead, if applicable.
The second option is to configure a default location.
Please check the documentation for your application how to properly set the region. The default Region is "us-east-1"
Examples:
minio mc:
https://dell.to/3yhbdUR
restic:
set variable AWS_DEFAULT_REGION to the region
or
-o s3.region=" "
Amarjit01
2 Posts
0
May 3rd, 2022 14:00
Hello DELL-Sam L
When trying to access the kb's I get: "This article is permission based. Find another article."
How can I access - I do have a DELL account, but still cannot access the kb's!
DELL-Sam L
Moderator
Moderator
•
6.9K Posts
0
May 3rd, 2022 14:00
ECS - S3 not working with signature v4 but does with v2
Summary: S3 signature v4 is supported since ECS code version 3.0 but connection might fail when LoadBalancer (LB) or proxy server is configured wrong
Audience Level: Customer
Article Content
Symptoms
Applications such as S3 Browser or CloudBerry Explorer cannot connect to ECS using S3 signature v4 and below error message can be seen:
Cause
Resolution
Please get answers to below questions:
For Apache the below settings should be verified:
Turn this option on to preserve the Host header
Additional Information