AWS presigned url acl public read invalid signature

0 votes

I have a private bucket, I want create a pre signed url that allows a user to upload a file to within the time limit and set the ACL to public read only.

When creating a PutObjectRequest like below it works fine I can PUT the file no problem. When I add ACL: aws.String("public-read"), I get the error 'signature doesn't match' and the PUT fails, here is a sample of the url the GO sdk is generating.

https://<MY-BUCKET>.s3.eu-west-2.amazonaws.com/<MY-KEY>?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=<AWS_ACCESS_KEY>/20170505/eu-west-2/s3/aws4_request&X-Amz-Date=20170505T793528Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host;x-amz-acl&X-Amz-Signature=2584062aaa76545665bfed7204fcf0dfe233a45016f698e7e8a11c34a5a7921e

I have tried with the root aws user and a normal user. I have tried with bucket policy and without, and with bucket policy and IAM policy of FULL S3 access and without. Basically all combinations. Any time I add the ACL field the signature error appears.

I am not sure if it's related to the GO SDK or to the AWS service. Can someone advice on what I am to do?

svc := s3.New(session.New(&aws.Config{Region: aws.String("eu-west-2")}))
    req, _ := svc.PutObjectRequest(&s3.PutObjectInput{
        ACL: aws.String("public-read"),
        Bucket: aws.String("MY BUCKET NAME"),
        Key:    aws.String("MY KEY"),
    })
    str, err := req.Presign(15 * time.Minute)

Oct 5, 2018 in AWS by eatcodesleeprepeat
• 4,710 points
3,490 views

1 answer to this question.

0 votes

The error that you got was because error on the aws service end, the url is not being signed.
You have to add a Header to your request because the ACL is read from there. Example PUT: curl -H 'x-
amz-acl: public-read' -X PUT -F file=@path/to/file YOUR_SIGNED_URL

answered Oct 5, 2018 by Priyaj
• 58,020 points

Related Questions In AWS

0 votes
1 answer

AWS S3 presigned URL limit

You can create as many signed URLs ...READ MORE

answered Nov 28, 2018 in AWS by Archana
• 5,640 points
4,037 views
+1 vote
2 answers

Want my AWS s3 Bucket to read Name from CloudWatch Event

CloudTrail events for S3 bucket level operations ...READ MORE

answered May 28, 2018 in AWS by Cloud gunner
• 4,670 points
2,079 views
0 votes
1 answer

Cant see the AWS public IP Adress

35.160.0.0/13 is a CIDR Range. 35.165.39.114 falls between the range. Starting IP: ...READ MORE

answered Jun 1, 2018 in AWS by Cloud gunner
• 4,670 points
598 views
0 votes
1 answer

AWS S3 uploading hidden files by default

versioning is enabled in your bucket. docs.aws.amazon.com/AmazonS3/latest/user-guide/….... the ...READ MORE

answered Oct 4, 2018 in AWS by Priyaj
• 58,020 points
5,958 views
–1 vote
1 answer

How to decrypt the encrypted S3 file using aws-encryption-cli --decrypt

Use command : aws s3 presign s3://mybucket/abc_count.png you get ...READ MORE

answered Oct 22, 2018 in AWS by Priyaj
• 58,020 points
5,204 views
0 votes
1 answer

Import my AWS credentials using python script

Using AWS Cli  Configure your IAM user then ...READ MORE

answered Nov 16, 2018 in AWS by Jino
• 5,820 points
2,868 views
0 votes
1 answer

Nodejs AWS SDK S3 Generate Presigned URL

Your code is correct, double check following: Your ...READ MORE

answered Sep 18, 2018 in AWS by Priyaj
• 58,020 points
9,218 views
0 votes
2 answers
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP