Unsolved
1 Message
0
1916
CTA with AWS
I am trying to setup a CTA VE environment to work with AWS S3.
The AWS login details work fine with S3 browser but in CTA, verify always fails with Error: S3 authentication failed: General error
I found this in the system.log
Nov 16 12:59:47 FileManagementDa(4178) [15-110-4-21]: (ERROR) CloudAdapter::SendAndParseHTTPResponse OID xyz-cta+cta_dummy_oid READ API VERSION operation failed
Nov 16 12:59:47 FileManagementDa(4178) [15-110-4-96]: (ERROR) CloudAdapter::GetApiVersion: OID xyz-cta+cta_dummy_oid failed to get bucket location.
Nov 16 12:59:47 FileManagementDa(4178) [15-109-4-1]: (INFO) Unable to create AmazonS3Adapter object bucketName=xyz-cta DNSName=s3-r-w.eu-central-1.amazonaws.com
Nov 16 12:59:47 FileManagementDa(4178) [15-109-4-95]: (WARNING) AmazonS3Adapter::private_attachSignature_v2: OID unable to get bucket name from OID, using currently configured bucket name
Nov 16 12:59:47 FileManagementDa(4178) [15-109-4-46]: (ERROR) AmazonS3Adapter::parseResponseError: AmazonS3 Bucket xyz-cta: HTTP status 400 : Bad Request
Nov 16 12:59:47 FileManagementDa(4178) [15-109-4-56]: (ERROR) AmazonS3Adapter::parseResponseError: AmazonS3 [Bucket xyz-cta] returned content error code 'InvalidRequest' message 'The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.'
Nov 16 12:59:47 FileManagementDa(4178) [15-109-4-50]: (ERROR) AmazonS3Adapter::parseResponseError: AmazonS3 Bucket xyz-cta: error: 400 Bad Request
Nov 16 12:59:47 FileManagementDa(4178) [15-110-4-21]: (ERROR) CloudAdapter::SendAndParseHTTPResponse OID CREATE operation failed
Nov 16 12:59:47 FileManagementDa(4178) [15-110-4-168]: (ERROR) CloudAdapter::CreateObjectTest: SendAndParseHTTPResponse failed
Nov 16 12:59:47 FileManagementDa(4178) [15-110-4-179]: (ERROR) CloudAdapter::VerifyConnection: Unable to create dummy object
Nov 16 12:59:47 FileManagementDa(4178) [15-39-4-35]: (INFO) Command fm AuthenticateAmazonS3 returned -1: AmazonS3 authentication failed: General error
Nov 16 12:59:50 FileManagementDa(4189) [15-42-4-84]: (INFO) Command received: AuthenticateAmazonS3 from user admin
Nov 16 12:59:51 FileManagementDa(4189) [15-110-4-21]: (ERROR) CloudAdapter::SendAndParseHTTPResponse OID xyz-cta+cta_dummy_oid READ API VERSION operation failed
Nov 16 12:59:51 FileManagementDa(4189) [15-110-4-96]: (ERROR) CloudAdapter::GetApiVersion: OID xyz-cta+cta_dummy_oid failed to get bucket location.
Nov 16 12:59:51 FileManagementDa(4189) [15-109-4-1]: (INFO) Unable to create AmazonS3Adapter object bucketName=xyz-cta DNSName=xyz-cta.s3.eu-central-1.amazonaws.com
Nov 16 12:59:51 LogDaemon(4178) [15-110-4-21]: (INFO) Message repeated 1 times since 12:59:47
Where in the appliance can I change the settings to AWS4-HMAC-SHA256?
Do I need to make any other changes to get it working with AWS?
Thank you
Kenneth Aviles
14 Posts
0
November 23rd, 2021 04:00
Hello,
CTA supports both AWS Authentication methods, Signature Version 2 and Signature Version 4. With CTA version 12.1 and onwards, CTA will negotiate the version set in the AWS bucket. Make sure you are running either CTA12.1 or the latest CTA13.1.
Does the region in which S3 bucket which you are using supports Signature Version 4 and Version 2 or only one of them?
See the following AWS doc for more details on the AWS Signature Versions. https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html