Menu
We're creaeing amazon S3 signed urls using (com.amazonaws:aws-java-sdk version 1.11.18) -
AmazonS3 s3 = new AmazonS3Client(credentials);
s3.generatePresignedUrl(bucketName, objectName, expiration, method);
We expect to get a signed url that contains a query parameter called “signature” (v2 signing).
We noticed that in our servers, some requests result in v4 signing - where we unexpectedly get an "x-amz-signature” query parameter as part of the signed url.
Once this starts - it’s reproducible on the server for the same requested s3 object. However, requests to sign other objects will still sign using v2. Restarting the tomcat service on the broken server “fixes” the issue.
Any idea what could cause the library to start signing some objects with v4?
622
The issue was reproduced in the current version of the sdk (1.11.244). Eventually we went about manually setting the config -
s3 = new AmazonS3Client(credentials,
new ClientConfiguration().withSignerOverride("NoOpSignerType"));
We suspect that this behaviour was caused because of the internal implementation of the createSigner method, signs requests with V4 if the bucket is contained in the map. -
private static final Map<String, String> bucketRegionCache
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With