uploading image using pre-signed url to s3 alway returns 403 error

Question

I am trying to upload an image from my iPhone app to S3 using pre-signed url. AWS ended up with no answer.

Step 1: iPhone send a request to server to GET S3 link to upload an image

 {
    randomKey = "EJg=";
    "signed_request" = "https://as-profile.s3.amazonaws.com/EJg%3Dios_1442061863.jpg?AWSAccessKeyId=AKIXXXXXSWPIXXXXXNXQ&Expires=1442062152&Signature=L%2BMq%2FLMXXXXXXXXzmvyGXXXXXzU%3D";
    url = "https://as-profile.s3.amazonaws.com/EJg%3Dios_1442061863.jpg";
}

Step 2: Using "signed_request" value I am trying to upload an image to S3 using method "PUT"

NSURL *url = [NSURL URLWithString:dict[@"signed_request"]];
// adding signed_request 
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
[request setHTTPBody:imgData];
[request setValue:@"public-read" forHTTPHeaderField:@"x-amz-acl"];
[request setValue:@"image/jpeg" forHTTPHeaderField:@"Content-Type"];
[request setHTTPMethod:@"PUT"];

NSURLSessionDataTask *task1 = [self.session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {

                NSError *err;

                NSString *dataString = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
                //
                NSLog(@"data = %@", dataString);

 }];
 [task1 resume];

//Response from server

{ status code: 403, headers { URL: https://as-profile.s3.amazonaws.com/EJg%3Dios_1442061863.jpg?AWSAccessKeyId=AKIXXXXXSWPIXXXXXNXQ&Expires=1442062152&Signature=L%2BMq%2FLMXXXXXXXXzmvyGXXXXXzU%3D } { status code: 403, headers {
    Connection = close;
    "Content-Type" = "application/xml";
    Date = "Sat, 12 Sep 2015 12:44:30 GMT";
    Server = AmazonS3;
    "Transfer-Encoding" = Identity;
    "x-amz-id-2" = "mmKNUnKaR5bA4AY/odP2iLY4JAdPkFX7kqdCEteU+Lju2py7BC909ME+Z7+QQMM0Tq64UWtlgCQ=";
    "x-amz-request-id" = 3AE1557722FFB82F;
} }

//DATA i receive

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>AKIXXXXXSWPIXXXXXNXQ</AWSAccessKeyId><StringToSign>PUT

image/jpeg
1442062152
x-amz-acl:public-read
/as-profile/EJg%3Dios_1442061863.jpg</StringToSign><SignatureProvided>L+Mq/LM2LWlBA8TzmvyGt19AJzU=</SignatureProvided><StringToSignBytes>50 55 54 0a 0a 69 6d 61 67 65 2f 6a 70 65 67 0a 31 34 34 32 30 36 32 31 35 32 0a 78 2d 61 6d 7a 2d 61 63 6c 3a 70 75 62 6c 69 63 2d 72 65 61 64 0a 2f 61 73 2d 70 72 6f 66 69 6c 65 2f 45 4a 67 25 33 44 69 6f 73 5f 31 34 34 32 30 36 31 38 36 33 2e 6a 70 67</StringToSignBytes><RequestId>3AE1557722FFB82F</RequestId><HostId>mmKNUnKaR5bA4AY/odP2iLY4JAdPkFX7kqdCEteU+Lju2py7BC909ME+Z7+QQMM0Tq64UWtlgCQ=</HostId></Error>

Answer 1

I am unable to find an error in your code; however, as the response states, your SignatureDoesNotMatch the expected value. No secret password, no access to the secret club. Start with the basics and then narrow in on the details:

• Verify you are using the right pair of keys for ID, signature, etc
• Verify that set of keys is for the right AWS/S3 account (not crossing lanes from Dev to Prod, etc)
• Verify the AWS account connected to those keys has rights to access the S3 container you're targeting
• Verify the AWS account is in the correct region, and that the request is going to that region
• Make sure you're targeting the latest S3 API
• Try duplicating the request from another client platform (browser, console, REST tool) to see if the error is platform-specific
• Check the algorithm you're using to generate the signature to ensure it is working correctly
• Look for common coding mistakes in assembling your request to be sure your request is well-formed (e.g. URL/whitespace encoding, reserved XML characters)
• Follow the AWS Troubleshooting Guide
• If no errors are found, don't rule out that it could be a bug on Amazon's side and consider filing a bug report or opening a support case.