1

As per the documentation of aws signing request,

https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html

I thought that using aws sdk, it will automatically sign the requests with the access key and secret specified.

I understood the steps that i need to follow while doing GET request without sdk.

So it would be great if anyone please help me to clarify that whether do i need to do anything for enabling the v4 signing for any of the operation(upload/get/delete) in s3?

Acc to the official doc,

Amazon S3 supports Signature Version 4, a protocol for authenticating inbound API requests to AWS services, in all AWS regions. At this time, AWS Regions created before January 30, 2014 will continue to support the previous protocol, Signature Version 2. Any new Regions after January 30, 2014 will support only Signature Version 4 and therefore all requests to those Regions must be made with Signature Version 4.

so i want keep support of both the v2 for older regions and v4 for new regions.

Please help me with this.

Improve this question
2
  • All regions support signature v4. Some (older) regions also support signature v2. I would recommend that you use signature v4, always. Commented Feb 4, 2020 at 14:07
  • Actually I need help how to enable v4 signing for AWS S3 using AWS Java SDK. Do I need to do anything for enabling the v4 signing for S3 using AWS Java SDK? Commented Feb 4, 2020 at 15:43

1 Answer 1

Reset to default
1

All regions support signature v4. Some (older) regions also support signature v2. I would recommend that you use signature v4, always.

Here's a Java example of configuring signature v4:

ClientConfiguration clientConfiguration = new ClientConfiguration();
clientConfiguration.setSignerOverride("AWSS3V4SignerType");

AmazonS3Client s3 = new AmazonS3Client(
    new ProfileCredentialsProvider(), clientConfiguration);

GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(
    myBucket, myKey, HttpMethod.PUT);
URL puturl = s3.generatePresignedUrl(request);
Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

thanks for your response @jarmod. So can you please tell me which signing process will be used if nothing is mentioned? Is the signing process automatically gets set by the aws sdk.
It’s not documented. You could try it and see. The v2 and v4 URLs look quite different. I would guess that the SDK uses signature v4 for regions that do not support v2, and v2 for those that do support it. I’m not in a place to try this right now, unfortunately.
First thing I would say is that ENABLE_S3_SIGV4_SYSTEM_PROPERTY appears to be deprecated, so new code should not be written to use it. You'd have to try this to see what impact it has on the S3 pre-signed URL function.
If you are generating a pre-signed URL then you need to make sure that the AWS SDK is configured to use signature v4 for pre-signed URL generation (hence the code I posted). Generating a pre-signed URL is not the same thing as making an API call to an AWS service. For the latter, the SDK takes care of everything you need to sign and send the request. The process of generating a pre-signed URL, in contrast, does not actually involve an API call to an AWS service (it's a local signing calculation).
If you want a client to be able to upload a file to S3 and that client does not have AWS credentials that allow the upload, then you have a couple of options: 1) your server gives client a pre-signed URL or 2) you proxy the upload (the client uploads the file to your server and your server upload the file to S3). The former option (pre-signed URL) is often preferred. It's what the AWS S3 console does, for example. If you fo the pre-signed URL route, then I recommend generating v4 URLs. To do that, see earlier in this answer and this thread. At this point, I suggest coding it and try it out.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.