3

We're creaeing amazon S3 signed urls using (com.amazonaws:aws-java-sdk version 1.11.18) -

AmazonS3 s3 = new AmazonS3Client(credentials);
s3.generatePresignedUrl(bucketName, objectName, expiration, method);

We expect to get a signed url that contains a query parameter called “signature” (v2 signing).

We noticed that in our servers, some requests result in v4 signing - where we unexpectedly get an "x-amz-signature” query parameter as part of the signed url.

Once this starts - it’s reproducible on the server for the same requested s3 object. However, requests to sign other objects will still sign using v2. Restarting the tomcat service on the broken server “fixes” the issue.

Any idea what could cause the library to start signing some objects with v4?

Improve this question
3
  • Not all regions/buckets support V2... are you signing requests for objects in multiple buckets across multiple regions? Commented Dec 7, 2017 at 13:59
  • Multiple buckets in the same region, where V2 signing has always worked Commented Dec 23, 2017 at 11:54
  • Note that certain new features require V4 signing in every region. I'm not saying that's directly related here but this may be an artifact of changes that have been introduced for forward-looking reasons, so fighting it might not be advisable. Commented Dec 23, 2017 at 15:48

1 Answer 1

Reset to default
1

The issue was reproduced in the current version of the sdk (1.11.244). Eventually we went about manually setting the config -

s3 = new AmazonS3Client(credentials,
                    new ClientConfiguration().withSignerOverride("NoOpSignerType"));

We suspect that this behaviour was caused because of the internal implementation of the createSigner method, signs requests with V4 if the bucket is contained in the map. - 

private static final Map<String, String> bucketRegionCache
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.